CVE-2024-9293 | skyselang yylAdmin up to 3.0 Backend File.php list is_disable sql injection

Posted by Angelo Barbosa | Sep 27, 2024 | CVE

A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component Backend. The manipulation of the argument is_disable leads to sql injection.

This vulnerability is known as CVE-2024-9293. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-9293 | skyselang yylAdmin up to 3.0 Backend File.php list is_disable sql injection

Related Posts

CVE-2023-46348 | SunnyToo sturls up to 1.1.12 on PrestaShop getInstanceId sql injection

CVE-2024-31852 | LLVM up to 18.1.2 LR Register stack-based overflow (Issue 80287)

CVE-2024-2560 | Tenda AC18 15.03.05.05 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery

CVE-2023-52717 | Huawei HarmonyOS/EMUI Lock Screen Module permission