Filtered by vendor Yccms Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-20290 1 Yccms 1 Yccms 2024-11-21 7.5 High
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.
CVE-2020-20289 1 Yccms 1 Yccms 2024-11-21 9.8 Critical
Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.
CVE-2020-20287 1 Yccms 1 Yccms 2024-11-21 9.8 Critical
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution.