Vulnerabilities (CVE)

Filtered by vendor Yzmcms Subscribe

Filtered by product Yzmcms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 9 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-23595	1 Yzmcms	1 Yzmcms	2023-08-17	N/A	8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.
CVE-2022-23384	1 Yzmcms	1 Yzmcms	2022-02-19	6.8 MEDIUM	8.8 HIGH
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
CVE-2022-23888	1 Yzmcms	1 Yzmcms	2022-02-02	6.8 MEDIUM	8.8 HIGH
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html.
CVE-2020-19951	1 Yzmcms	1 Yzmcms	2021-09-29	6.8 MEDIUM	8.8 HIGH
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
CVE-2020-20341	1 Yzmcms	1 Yzmcms	2021-09-10	5.0 MEDIUM	7.5 HIGH
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
CVE-2020-35970	1 Yzmcms	1 Yzmcms	2021-06-09	5.0 MEDIUM	7.5 HIGH
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
CVE-2018-8756	1 Yzmcms	1 Yzmcms	2019-10-03	6.5 MEDIUM	7.2 HIGH
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.
CVE-2018-20015	1 Yzmcms	1 Yzmcms	2019-01-03	6.8 MEDIUM	8.8 HIGH
YzmCMS v5.2 has admin/role/add.html CSRF.
CVE-2018-7579	1 Yzmcms	1 Yzmcms	2018-03-22	6.5 MEDIUM	7.2 HIGH
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.