doublefast/yunucms

doublefast/yunucms

Releases0

Stars1

云优CMS yunucms http://www.yunucms.com/

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-18445 ↗	Aug 12, 2021Thursday, 12 August 2021, 17:15	6.1 MEDIUM	4.3 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
CVE-2020-18446 ↗	Aug 12, 2021Thursday, 12 August 2021, 17:15	4.8 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
CVE-2019-5311 ↗	Jan 4, 2019Friday, 4 January 2019, 15:29	—	4.3 MEDIUM
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter.
CVE-2019-5310 ↗	Jan 4, 2019Friday, 4 January 2019, 14:29	—	4.3 MEDIUM
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.
CVE-2018-19180 ↗	Nov 11, 2018Sunday, 11 November 2018, 17:29	—	7.5 HIGH
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.
CVE-2018-19181 ↗	Nov 11, 2018Sunday, 11 November 2018, 17:29	—	6.4 MEDIUM
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.