Vulnerabilities > Yzmcms > Yzmcms > 3.7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-11 | CVE-2018-10026 | Cross-site Scripting vulnerability in Yzmcms 3.7.1 The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | 3.5 |
2018-03-18 | CVE-2018-8756 | Code Injection vulnerability in Yzmcms 3.7.1 Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request. | 6.5 |