Yfcmf Security Vulnerabilities and Issues — Yfcmf CVE List

Lucene search

YfcmfYfcmf

5 matches found

CVE•added 2023/06/02 12:15 p.m.•41 views

CVE-2023-3056

A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be u...

9.8CVSS7.1AI score0.00155EPSS

CVE•added 2023/06/02 1:15 p.m.•41 views

CVE-2023-3057

A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The ex...

9.8CVSS7AI score0.00155EPSS

CVE•added 2018/09/04 12:29 a.m.•30 views

CVE-2018-16431

admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.

8.8CVSS8.5AI score0.01004EPSS

CVE•added 2021/05/14 2:15 p.m.•26 views

CVE-2020-23689

In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.

4.8CVSS4.8AI score0.00212EPSS

CVE•added 2021/05/14 3:15 p.m.•25 views

CVE-2020-23691

YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.

9.8CVSS9.6AI score0.06472EPSS