Vulnerabilities > Yxcms > High

DATE | CVE | VULNERABILITY TITLE | RISK

2018-11-21 | CVE-2018-19404 | Code Injection vulnerability in Yxcms 1.4.7 | 7.2
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL.
network, low complexity, yxcms, CWE-94

2018-03-19 | CVE-2018-8761 | Unspecified vulnerability in Yxcms 1.4.7 | 7.5
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.
network, low complexity, yxcms