Lylme Lylme_spage
12 CVEs affecting Lylme Lylme_spage. Latest disclosed: 2025-05-11. Critical: 7, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-48176 | Critical | 9.8 | 2024-11-05 | Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshe… |
CVE-2024-48356 | Critical | 9.8 | 2024-10-28 | LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php. |
CVE-2024-48357 | Critical | 9.8 | 2024-10-28 | LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. |
CVE-2024-34982 | Critical | 9.8 | 2024-05-17 | An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a craf… |
CVE-2023-45952 | Critical | 9.8 | 2023-10-17 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted… |
CVE-2023-45951 | Critical | 9.8 | 2023-10-17 | lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. |
CVE-2024-36675 | Critical | 9.1 | 2024-06-04 | LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. |
CVE-2025-4543 | High | 7.3 | 2025-05-11 | A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_li… |
CVE-2024-36674 | Medium | 6.1 | 2024-06-03 | LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php. |
CVE-2024-9790 | Medium | 4.7 | 2024-10-10 | A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulatio… |
CVE-2024-9789 | Medium | 4.7 | 2024-10-10 | A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipul… |
CVE-2024-9788 | Medium | 4.7 | 2024-10-10 | A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipul… |