RSS   Vulnerabilities for 'Yfcmf'   RSS

2021-05-14
 
CVE-2020-23689

CWE-79
 

 
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.

 
 
CVE-2020-23691

NVD-CWE-noinfo
 

 
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.

 
2018-09-03
 
CVE-2018-16431

CWE-352
 

 
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.

 


Copyright 2021, cxsecurity.com

 

Back to Top