Filtered by vendor Youke365
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18242 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 7.5 HIGH | 9.8 CRITICAL |
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. | |||||
CVE-2018-18215 | 1 Youke365 | 1 Youke 365 | 2018-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. |