4 matches found
CVE-2020-23768
CVE-2020-23768 describes an information-disclosure vulnerability in PHPPYUN before version 5.0.1, rooted in the Alibaba Payment Interface’s alipay_function.php log file. The issue allows an attacker to obtain users’ personal data, including email addresses and phone numbers. Public documentation ...
CVE-2018-18626
The vulnerability CVE-2018-18626 affects PHPYun v4.6, where del_action() mishandles the sql parameter in admin/model/database.class.php, allowing deletion of arbitrary files or directories via admin/index.php?m=database&c=del. Connected sources (Red Hat, CVE listings, PT-Security) confirm the iss...
CVE-2010-4796
CVE-2010-4796: Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the provinceid parameter to search.php and the e parameter to resumeview.php. These entries indicate the affected product and vulnerable parameters, with impacts desc...
CVE-2018-18713
CVE-2018-18713 affects PHPYun 4.6. The vulnerability is in the function down_sql_action() of /admin/model/database.class.php, allowing remote attackers to read arbitrary files via directory traversal using the URI m=database&c=down_sql&name=../. Impact is reading local files; no in-field exploit ...