Vulnerabilities > Lylme > Lylme Spage > 1.7.0

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2023-45951 SQL Injection vulnerability in Lylme Spage 1.7.0
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
network
low complexity
lylme CWE-89
critical
 9.8
9.8
2023-10-17 CVE-2023-45952 Unrestricted Upload of File with Dangerous Type vulnerability in Lylme Spage 1.7.0
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
lylme CWE-434
critical
 9.8
9.8