Vulnerabilities for Yunucms (...) - CXSECURITY.COM

Vulnerabilities for 'Yunucms'

2021-08-12

CVE-2020-18445

CWE-79

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.

CVE-2020-18446

CWE-79

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.

2019-01-04

CVE-2019-5311

CWE-79

An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter.

CVE-2019-5310

CWE-79

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.

2018-11-11

CVE-2018-19181

CWE-22

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.

CVE-2018-19180

CWE-94

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.

2018-10-29

CVE-2018-18726

CWE-79

An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.

CVE-2018-18725

CWE-79

An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.

CVE-2018-18724

CWE-79

An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.

CVE-2018-18723

CWE-79

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.

Copyright 2024, cxsecurity.com