Youdiancms

Youdiancms

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-3533

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.04.2025 10:15:14
  • Zuletzt bearbeitet 27.06.2025 12:18:44

A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cr...

6.1

CVE-2025-3532

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.04.2025 06:15:15
  • Zuletzt bearbeitet 27.06.2025 12:37:44

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripti...

6.1

CVE-2025-3531

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.04.2025 05:31:04
  • Zuletzt bearbeitet 27.06.2025 12:38:40

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is poss...

9.8

CVE-2024-57052

  • EPSS 0.27%
  • Veröffentlicht 27.01.2025 23:15:09
  • Zuletzt bearbeitet 27.06.2025 19:03:32

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.

6.3

CVE-2024-7330

Exploit
  • EPSS 0.04%
  • Veröffentlicht 01.08.2024 00:15:02
  • Zuletzt bearbeitet 23.08.2024 16:12:05

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request for...

9.8

CVE-2024-7329

Exploit
  • EPSS 0.1%
  • Veröffentlicht 31.07.2024 23:15:14
  • Zuletzt bearbeitet 23.08.2024 16:34:06

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted uploa...

5.3

CVE-2024-7328

Exploit
  • EPSS 0.12%
  • Veröffentlicht 31.07.2024 23:15:13
  • Zuletzt bearbeitet 23.08.2024 15:25:53

A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely...

5.8

CVE-2024-3117

  • EPSS 0.03%
  • Veröffentlicht 31.03.2024 03:15:09
  • Zuletzt bearbeitet 30.06.2025 12:48:52

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The att...

8.8

CVE-2022-32299

Exploit
  • EPSS 0.28%
  • Veröffentlicht 15.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:06:08

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.

8.8

CVE-2022-32300

Exploit
  • EPSS 0.6%
  • Veröffentlicht 15.06.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 07:06:08

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.