Yunucms: >> Yunucms >> 1.1.5 Security Vulnerabilities
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-11-11
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-11-11
An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29
An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29
An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29
An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-10-29