Aggregates CVE and security vulnerability intelligence across all myucms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk ssrf and vendor risk sql injection and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-21653 | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. | [email protected] | 9.1 | 0.25% | 2021-10-06 | 2024-11-21 |
| CVE-2020-21652 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | [email protected] | 9.8 | 3.28% | 2021-10-06 | 2024-11-21 |
| CVE-2020-21651 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | [email protected] | 9.8 | 3.52% | 2021-10-06 | 2024-11-21 |
| CVE-2020-21650 | Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | [email protected] | 8.8 | 3.67% | 2021-10-06 | 2024-11-21 |
| CVE-2020-21649 | Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | [email protected] | 8.1 | 0.21% | 2021-10-06 | 2024-11-21 |