CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Yzmcms: >> Yzmcms >> 3.7.1 Security Vulnerabilities

CVE-2018-10026

The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.

CVSS Score

4.8

EPSS Score

0.002

Published

2018-04-11

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.

CVSS Score

7.2

EPSS Score

0.032

Published

2018-03-18

Page 1

Vulnerabilities

Vulnerable Software

Yzmcms: >> Yzmcms >> 3.7.1 Security Vulnerabilities

Products

Pricing

Contact Us