yxcms yxcms CVE Vulnerabilities (5)

CVEs: 5 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting yxcms yxcms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 15 of 5 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2018-19404 In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. [email protected] 7.2 1.60% 2018-11-20 2026-06-16
CVE-2018-13025 protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. [email protected] 4.9 0.85% 2018-06-29 2026-06-16
CVE-2018-11003 An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. [email protected] 6.5 0.70% 2018-05-12 2026-06-16
CVE-2018-8805 Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. [email protected] 6.1 0.71% 2018-03-20 2026-06-16
CVE-2018-8761 protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. [email protected] 7.5 0.89% 2018-03-19 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence