MidnightBSD

Advisories for yunyecms

CVE-2020-21377 HIGH

SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
yunyecms yunyecms 2.0.1
CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF.

Products Affected

Vendor Product Version
yunyecms yunyecms 2.0.2