Skip to main content

Skycaiji

10 CVEs product

Monthly

CVE-2025-1799 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Skycaiji
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-1791 MEDIUM This Month

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload Skycaiji
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-39243 CRITICAL Act Now

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Skycaiji
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39242 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Skycaiji
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39241 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Skycaiji
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6252 MEDIUM This Month

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skycaiji
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2023-33394 MEDIUM POC This Month

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Skycaiji
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44351 CRITICAL POC Act Now

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Skycaiji
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28096 HIGH POC THREAT This Week

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Skycaiji
NVD GitHub
CVSS 3.1
7.2
EPSS
20.1%
CVE-2018-11371 HIGH POC This Week

SkyCaiji 1.2 allows CSRF to add an Administrator user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Skycaiji
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Skycaiji
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Skycaiji
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Skycaiji
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Skycaiji
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skycaiji
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Skycaiji
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Skycaiji
NVD GitHub
EPSS 20% CVSS 7.2
HIGH POC THREAT This Week

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Skycaiji
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

SkyCaiji 1.2 allows CSRF to add an Administrator user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Skycaiji
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy