LyLme/lylme_spage

LyLme/lylme_spage

Releases26

Frequency2 months 1 hour

Last Release 3 months ago

Stars886

六零导航页

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-36675 ↗	Jun 4, 2024Tuesday, 4 June 2024, 22:15	9.1 CRITICAL	—
LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
CVE-2024-36674 ↗	Jun 3, 2024Monday, 3 June 2024, 16:15	6.1 MEDIUM	—
LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.
CVE-2023-45951 ↗	Oct 17, 2023Tuesday, 17 October 2023, 20:15	9.8 CRITICAL	—
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
CVE-2023-45952 ↗	Oct 17, 2023Tuesday, 17 October 2023, 20:15	9.8 CRITICAL	—
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.