Skip to main content

Yeager Cms

4 CVEs product

Monthly

CVE-2015-7571 HIGH POC This Week

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Yeager Cms
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.3%
CVE-2015-7570 HIGH POC PATCH This Week

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF PHP Yeager Cms
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.2%
CVE-2015-7569 HIGH POC PATCH This Week

SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Yeager Cms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-7568 CRITICAL POC PATCH Act Now

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Yeager Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.9%
EPSS 3% CVSS 7.8
HIGH POC This Week

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Yeager Cms
NVD Exploit-DB
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF PHP Yeager Cms
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Yeager Cms
NVD Exploit-DB
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Yeager Cms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy