CVE-2026-13529

Publié : 29 juin 2026

Modifié : 29 juin 2026

Score CVSS

5.6

MEDIUM

Description détaillée

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Références et Patchs

https://github.com/drose025/security/blob/main/1.md https://vuldb.com/cve/CVE-2026-13529 https://vuldb.com/submit/840800 https://vuldb.com/vuln/374537 https://vuldb.com/vuln/374537/cti

Dernières Vulnérabilités

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII (name, email, phone, address, payment information) from calendar groups they do not own.

VOIR DÉTAILS

CVE-2026-56809

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.

VOIR DÉTAILS

CVE-2026-56808

DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.

VOIR DÉTAILS