Vulnerabilities > Yzmcms > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-08-11 | CVE-2020-23595 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6 | Cross-Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the `sitemodel/add.html` endpoint. | network | low | yzmcms | CWE-352 | 8.8 |
| 2022-02-15 | CVE-2022-23384 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 | YzmCMS v6.3 is affected by Cross-Site Request Forgery (CSRF) in `/admin.add` | network | low | yzmcms | CWE-352 | 8.8 |
| 2022-01-28 | CVE-2022-23888 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3 | YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component `/yzmcms/comment/index/init.html`. | network | low | yzmcms | CWE-352 | 8.8 |
| 2021-09-23 | CVE-2020-19951 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.5 | A cross-site request forgery (CSRF) in `/controller/pay.class.php` of YzmCMS v5.5 allows attackers to access sensitive components of the application. | network | low | yzmcms | CWE-352 | 8.8 |
| 2021-09-01 | CVE-2020-20341 | Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.5 | YzmCMS v5.5 contains a server-side request forgery (SSRF) in the `grab_image()` function. | network | low | yzmcms | CWE-918 | 7.5 |
| 2021-06-03 | CVE-2020-35970 | Server-Side Request Forgery (SSRF) vulnerability in Yzmcms 5.8 | An issue was discovered in YzmCMS 5.8. | network | low | yzmcms | CWE-918 | 7.5 |
| 2018-12-10 | CVE-2018-20015 | Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.2 | YzmCMS v5.2 has `admin/role/add.html` CSRF. | network | low | yzmcms | CWE-352 | 8.8 |
| 2018-03-18 | CVE-2018-8756 | Code Injection vulnerability in Yzmcms 3.7.1 | Eval injection in `yzmphp/core/function/global.func.php` in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an `index.php?m=member&c=member_content&a=init` request. | network | low | yzmcms | CWE-94 | 7.2 |
| 2018-03-01 | CVE-2018-7579 | SQL Injection vulnerability in Yzmcms 3.6 | `\application\admin\controller\update_urls.class.php` in YzmCMS 3.6 has SQL Injection via the `catids` array parameter to `admin/update_urls/update_category_url.html`. | network | low | yzmcms | CWE-89 | 7.2 |