CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-20290

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 6.4

References

https://blog.jiguang.xyz/posts/yccms-directory-traversal-vulnerability-report/
https://blog.jiguang.xyz/posts/yccms-directory-traversal-vulnerability-report/

Products affected by CVE-2020-20290

Yccms » Yccms » Version: 3.3

cpe:2.3:a:yccms:yccms:3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-20290

Products

Pricing

Contact Us