Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
8.8CVSS
8.9AI Score
0.001EPSS
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
7.2CVSS
7.2AI Score
0.004EPSS
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
9.8CVSS
9.7AI Score
0.003EPSS
8.8CVSS
8.6AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.006EPSS
AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.
8.8CVSS
8.7AI Score
0.001EPSS
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php
9.8CVSS
9.3AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.002EPSS
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.
7.2CVSS
7.5AI Score
0.002EPSS