Skip to main content

Yunucms

13 CVEs product

Monthly

CVE-2019-5311 MEDIUM POC This Month

An issue was discovered in YUNUCMS V1.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-5310 MEDIUM POC This Month

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19181 HIGH POC This Week

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yunucms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-19180 CRITICAL POC Act Now

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Yunucms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18726 MEDIUM POC This Month

An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18725 MEDIUM POC This Month

An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18724 MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18723 MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18722 MEDIUM POC This Month

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18721 MEDIUM POC This Month

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18720 MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-17322 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-9993 MEDIUM POC This Month

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in YUNUCMS V1.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yunucms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yunucms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy