Lylme Spage Security Vulnerabilities and Issues — Lylme Spage CVE List

Lucene search

LylmeLylme Spage

7 matches found

CVE•added 2024/05/17 2:15 p.m.•86 views

CVE-2024-34982

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.

9.8CVSS8.1AI score0.7694EPSS

CVE•added 2023/10/17 8:15 p.m.•49 views

CVE-2023-45951

lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.

9.8CVSS9.8AI score0.00256EPSS

CVE•added 2024/06/04 10:15 p.m.•49 views

CVE-2024-36675

LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.

9.1CVSS7.2AI score0.14377EPSS

CVE•added 2023/10/17 8:15 p.m.•46 views

CVE-2023-45952

An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.

9.8CVSS9.6AI score0.00107EPSS

CVE•added 2024/10/28 8:15 p.m.•44 views

CVE-2024-48357

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.

9.8CVSS8.4AI score0.00096EPSS

CVE•added 2024/11/05 11:15 p.m.•40 views

CVE-2024-48176

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend.

9.8CVSS7.2AI score0.00177EPSS

CVE•added 2024/10/28 9:15 p.m.•38 views

CVE-2024-48356

LyLme Spage

9.8CVSS8.4AI score0.00096EPSS