CVE-2026-13529 | YzmCMS up to 7.5 index.php siteurl sql injection

Inserito da Angelo Barbosa | Giu 28, 2026 | CVE

A vulnerability categorized as critical has been discovered in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection.

This vulnerability is handled as CVE-2026-13529. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-13529 | YzmCMS up to 7.5 index.php siteurl sql injection

Post correlati

CVE-2025-39733 | Linux Kernel up to 6.15.9/6.16.0 team privilege escalation

CVE-2024-21514 | OpenCart up to 3.0.3.9 Divido Payment Extension sql injection (SNYK-PHP-OPENCARTOPENCART-7266565)

CVE-2023-33676 | SourceCodester Lost and Found Information System 1.0 ?page=items/view id sql injection

CVE-2024-9446 | WP Simple Anchors Links Plugin up to 1.0.0 on WordPress Shortcode wpanchor cross site scripting