Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ayacms_project | ayacms | 3.1.2 |