Vulnerabilities > Lylme > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-36675 | Server-Side Request Forgery (SSRF) vulnerability in Lylme Spage 1.9.5 LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | 9.1 |
| 2023-10-17 | CVE-2023-45951 | SQL Injection vulnerability in Lylme Spage 1.7.0 lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. | 9.8 |
| 2023-10-17 | CVE-2023-45952 | Unrestricted Upload of File with Dangerous Type vulnerability in Lylme Spage 1.7.0 An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |