Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
CVSS Score
7.7
EPSS Score
0.004
Published
2025-05-05
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.
CVSS Score
4.1
EPSS Score
0.001
Published
2024-12-18
Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-03
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
CVSS Score
9.1
EPSS Score
0.004
Published
2019-01-03