Vulnerabilities > Youke365 > Youke 365 > 1.1.5

DATE CVE VULNERABILITY TITLE RISK
2018-10-11 CVE-2018-18215 Cross-Site Request Forgery (CSRF) vulnerability in Youke365 Youke 365 1.1.5
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.
network
low complexity
youke365 CWE-352
8.8
8.8
2018-10-11 CVE-2018-18242 SQL Injection vulnerability in Youke365 Youke 365 1.1.5
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.
network
low complexity
youke365 CWE-89
critical
 9.8
9.8