Vulnerabilities > Yzmcms > Yzmcms > 3.6
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-06-05 | CVE-2018-11554 | Information Exposure vulnerability in Yzmcms | The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | 7.5 |
2018-03-04 | CVE-2018-7653 | Cross-site Scripting vulnerability in Yzmcms 3.6 | In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | 4.3 |
2018-03-01 | CVE-2018-7579 | SQL Injection vulnerability in Yzmcms 3.6 | \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html. | 6.5 |
2018-02-26 | CVE-2018-7479 | Exposure of Resource to Wrong Sphere vulnerability in Yzmcms 3.6 | YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php. | 5.0 |