Lylme Lylme_spage

12 CVEs affecting Lylme Lylme_spage. Latest disclosed: 2025-05-11. Critical: 7, High: 1.

Top CVEs affecting Lylme Lylme_spage
CVESeverityScorePublishedSummary
CVE-2024-48176Critical9.82024-11-05Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshe…
CVE-2024-48356Critical9.82024-10-28LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.
CVE-2024-48357Critical9.82024-10-28LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.
CVE-2024-34982Critical9.82024-05-17An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a craf…
CVE-2023-45952Critical9.82023-10-17An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted…
CVE-2023-45951Critical9.82023-10-17lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
CVE-2024-36675Critical9.12024-06-04LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.
CVE-2025-4543High7.32025-05-11A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_li…
CVE-2024-36674Medium6.12024-06-03LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.
CVE-2024-9790Medium4.72024-10-10A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulatio…
CVE-2024-9789Medium4.72024-10-10A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipul…
CVE-2024-9788Medium4.72024-10-10A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipul…