Skip to main content

Youke 365

4 CVEs product

Monthly

CVE-2024-0304 MEDIUM This Month

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0303 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2018-18215 HIGH POC This Week

In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Youke 365
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-18242 CRITICAL POC Act Now

youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Youke 365
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Youke 365
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Youke 365
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy