MidnightBSD

Advisories for ayacms_project

CVE-2020-23686 MEDIUM

Cross-site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrator's password or cause other unspecified impacts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2021-44238 MEDIUM

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-43074

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-45548

AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-45550

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-46101

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-46102

AyaCMS 3.1.2 is vulnerable to arbitrary file upload via /aya/module/admin/fst_down.inc.php.

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-47926

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php.

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2

CVE-2022-48116

AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.

Products Affected

Vendor Product Version
ayacms_project ayacms 3.1.2