Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
111034.6%CRITICAL

Related CVEs

11
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-1799A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.321.7%Mar 1, 2025
CVE-2025-1791A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.327.7%Mar 1, 2025
CVE-2024-39243An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.CRITICAL9.838.6%Jun 26, 2024
CVE-2024-39242A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).MEDIUM6.119.5%Jun 26, 2024
CVE-2024-39241Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.MEDIUM6.119.5%Jun 26, 2024
CVE-2024-6252A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269419.MEDIUM5.127.6%Jun 22, 2024
CVE-2023-33394skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.MEDIUM5.431.9%May 26, 2023
CVE-2022-44351Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.CRITICAL9.8Dec 7, 2022
CVE-2022-28096Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.HIGH7.2May 4, 2022
CVE-2020-18878Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.MEDIUM5.377.8%Aug 20, 2021
CVE-2018-11371SkyCaiji 1.2 allows CSRF to add an Administrator user.NONE47.3%May 22, 2018