Vulnerabilities (CVE)

Filtered by vendor Lvyecms Project Subscribe
Filtered by product Lvyecms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16903 1 Lvyecms Project 1 Lvyecms 2017-12-12 7.5 HIGH 9.8 CRITICAL
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.
CVE-2017-16904 1 Lvyecms Project 1 Lvyecms 2017-12-12 4.3 MEDIUM 6.1 MEDIUM
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.