YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.
CVSS Score
9.8
EPSS Score
0.065
Published
2021-05-14
In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-05-14
admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an administrator account.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-09-04