Aggregates CVE and security vulnerability intelligence across all yxcms-related products, including CVSS and EPSS scores, publication dates, and related vulnerability intelligence data.
Common weakness patterns include cross-site scripting and CSRF, with potential impact including session compromise across production workloads and software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-19404 | In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. | [email protected] | 7.2 | 1.60% | 2018-11-21 | 2024-11-21 |
| CVE-2018-13025 | protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. | [email protected] | 4.9 | 0.85% | 2018-06-29 | 2024-11-21 |
| CVE-2018-11003 | An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel. | [email protected] | 6.5 | 0.70% | 2018-05-12 | 2024-11-21 |
| CVE-2018-8805 | Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | [email protected] | 6.1 | 0.71% | 2018-03-20 | 2024-11-21 |
| CVE-2018-8761 | protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. | [email protected] | 7.5 | 0.89% | 2018-03-19 | 2024-11-21 |