What is CVE-2026-13529?

CVE-2026-13529 is a medium-severity vulnerability in Yzmcms, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 5.6/10. Published 2026-06-29.

How severe is CVE-2026-13529?

Medium severity. CVSS v3 base score is 5.6 out of 10.

SQL Injection in Yzmcms

CVE-2026-13529

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotel…

EPSS: 0.002 (14.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

N/a Yzmcms — versions 7.0, 7.1, 7.2

Weakness classification (CWE)

References

cna@vuldb.com (technical-description, vdb-entry)
cna@vuldb.com (signature, permissions-required)
cna@vuldb.com (third-party-advisory)
cna@vuldb.com (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2026-13529?: CVE-2026-13529 is a medium-severity vulnerability in Yzmcms, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 5.6/10. Published 2026-06-29.
How severe is CVE-2026-13529?: Medium severity. CVSS v3 base score is 5.6 out of 10.