Vulnerabilities > Ayacms Project > Ayacms > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-27 CVE-2022-48116 Unspecified vulnerability in Ayacms Project Ayacms 3.1.2
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.
network
low complexity
ayacms-project
7.2
7.2
2022-12-22 CVE-2022-46101 Code Injection vulnerability in Ayacms Project Ayacms 3.1.2
AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.
network
low complexity
ayacms-project CWE-94
8.8
8.8
2022-12-06 CVE-2022-45548 Unrestricted Upload of File with Dangerous Type vulnerability in Ayacms Project Ayacms 3.1.2
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.
network
low complexity
ayacms-project CWE-434
8.8
8.8
2022-03-01 CVE-2021-44238 Code Injection vulnerability in Ayacms Project Ayacms 3.1.2
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
network
low complexity
ayacms-project CWE-94
7.2
7.2
2021-11-02 CVE-2020-23686 Cross-Site Request Forgery (CSRF) vulnerability in Ayacms Project Ayacms 3.1.2
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
network
low complexity
ayacms-project CWE-352
8.8
8.8