彙總 ayacms_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 CSRF 相關,可能在 生產負載與軟體部署 場景中帶來 檔案覆寫 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-48116 | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | [email protected] | 7.2 | 1.36% | 2023-01-27 | 2026-06-17 |
| CVE-2022-47926 | AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php | [email protected] | 9.8 | 0.79% | 2022-12-22 | 2026-06-17 |
| CVE-2022-46102 | AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | [email protected] | 9.8 | 0.73% | 2022-12-22 | 2026-06-17 |
| CVE-2022-46101 | AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. | [email protected] | 8.8 | 1.15% | 2022-12-22 | 2026-06-17 |
| CVE-2022-45550 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). | [email protected] | 9.8 | 1.47% | 2022-12-07 | 2026-06-17 |
| CVE-2022-45548 | AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. | [email protected] | 8.8 | 0.79% | 2022-12-06 | 2026-06-17 |
| CVE-2022-43074 | AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | [email protected] | 9.8 | 0.92% | 2022-11-10 | 2026-06-17 |
| CVE-2021-44238 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php, | [email protected] | 7.2 | 1.77% | 2022-03-01 | 2026-06-17 |
| CVE-2020-23686 | Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts. | [email protected] | 8.8 | 0.57% | 2021-11-02 | 2026-06-16 |