Youdiancms

Youdiancms

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-3533

Exploit
  • EPSS 0.03%
  • Published 13.04.2025 10:15:14
  • Last modified 27.06.2025 12:18:44

A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cr...

6.1

CVE-2025-3532

Exploit
  • EPSS 0.03%
  • Published 13.04.2025 06:15:15
  • Last modified 27.06.2025 12:37:44

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripti...

6.1

CVE-2025-3531

Exploit
  • EPSS 0.03%
  • Published 13.04.2025 05:31:04
  • Last modified 27.06.2025 12:38:40

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is poss...

9.8

CVE-2024-57052

  • EPSS 0.27%
  • Published 27.01.2025 23:15:09
  • Last modified 27.06.2025 19:03:32

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.

6.3

CVE-2024-7330

Exploit
  • EPSS 0.04%
  • Published 01.08.2024 00:15:02
  • Last modified 23.08.2024 16:12:05

A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request for...

9.8

CVE-2024-7329

Exploit
  • EPSS 0.1%
  • Published 31.07.2024 23:15:14
  • Last modified 23.08.2024 16:34:06

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted uploa...

5.3

CVE-2024-7328

Exploit
  • EPSS 0.12%
  • Published 31.07.2024 23:15:13
  • Last modified 23.08.2024 15:25:53

A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The attack may be initiated remotely...

5.8

CVE-2024-3117

  • EPSS 0.03%
  • Published 31.03.2024 03:15:09
  • Last modified 30.06.2025 12:48:52

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The att...

8.8

CVE-2022-32299

Exploit
  • EPSS 0.28%
  • Published 15.06.2022 17:15:09
  • Last modified 21.11.2024 07:06:08

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.

8.8

CVE-2022-32300

Exploit
  • EPSS 0.6%
  • Published 15.06.2022 17:15:09
  • Last modified 21.11.2024 07:06:08

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.