Lucene search

Ayacms Security Vulnerabilities

cve

CVE-2020-23686

Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.

8.8CVSS

8.9AI Score

0.001EPSS

2021-11-02 06:15 PM

cve

CVE-2021-44238

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,

7.2CVSS

7.2AI Score

0.004EPSS

2022-03-01 03:15 PM

cve

CVE-2022-43074

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

9.8CVSS

9.7AI Score

0.003EPSS

2022-11-10 08:15 PM

cve

CVE-2022-45548

AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.

8.8CVSS

8.6AI Score

0.001EPSS

2022-12-06 07:15 PM

cve

CVE-2022-45550

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).

9.8CVSS

9.6AI Score

0.006EPSS

2022-12-07 07:15 PM

cve

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.

8.8CVSS

8.7AI Score

0.001EPSS

2022-12-22 06:15 PM

cve

CVE-2022-46102

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php

9.8CVSS

9.3AI Score

0.002EPSS

2022-12-22 06:15 PM

cve

CVE-2022-47926

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php

9.8CVSS

9.3AI Score

0.002EPSS

2022-12-22 06:15 PM

cve

CVE-2022-48116

AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.

7.2CVSS

7.5AI Score

0.002EPSS

2023-01-27 08:15 PM