Vulnerabilities (CVE)

Filtered by vendor Yxtcmf Subscribe
Filtered by product Yxtcmf
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7733 1 Yxtcmf 1 Yxtcmf 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.
CVE-2018-7732 1 Yxtcmf 1 Yxtcmf 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html.