Yuba U5Cms vulnerabilities
7 known vulnerabilities affecting yuba/u5cms.
Total CVEs
7
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2015-1576P3HIGHCVSS 7.5PoC≤ 3.9.32015-02-11
CVE-2015-1576 [HIGH] CWE-89 CVE-2015-1576: Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbit
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to
nvd
CVE-2015-1577P3MEDIUMCVSS 6.4PoC≤ 3.9.32015-02-11
CVE-2015-1577 [MEDIUM] CWE-22 CVE-2015-1577: Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote atta
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
nvd
CVE-2022-32444P3MEDIUMCVSS 6.1PoCv8.3.52022-06-17
CVE-2022-32444 [MEDIUM] CWE-601 CVE-2022-32444: An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can caus
An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
nvd
CVE-2015-1578P4MEDIUMCVSS 5.8PoC≤ 3.9.32015-02-11
CVE-2015-1578 [MEDIUM] CVE-2015-1578: Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect user
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php.
nvd
CVE-2015-1575P4MEDIUMCVSS 4.3PoC≤ 3.9.32015-02-11
CVE-2015-1575 [MEDIUM] CWE-79 CVE-2015-1575: Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5ad
nvd
CVE-2022-34937P4HIGHCVSS 8.8v8.3.52022-08-03
CVE-2022-34937 [HIGH] CWE-352 CVE-2022-34937: Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component sa
Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.
nvd
CVE-2022-32442P4MEDIUMCVSS 6.1v8.3.52022-06-17
CVE-2022-32442 [MEDIUM] CWE-79 CVE-2022-32442: u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default ho
u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause html injection.
nvd