CVE-2026-13529
Last modified
CVE-2026-13529 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| — | YzmCMS | 7.0; 7.1; 7.2; 7.3; 7.4; 7.5 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13529?
How severe is CVE-2026-13529?
How do I fix CVE-2026-13529?
Related CVEs from 2026
- CVE-2026-13523A weakness has been identified in GPAC up to 26.02.0. This a…3.3
- CVE-2026-13524A security vulnerability has been detected in CherryHQ cherr…5.6
- CVE-2026-13525A vulnerability was detected in CodeAstro Human Resource Man…6.3
- CVE-2026-13526A flaw has been found in SourceCodester Class and Exam Timet…7.3
- CVE-2026-13527A vulnerability has been found in SourceCodester Class and E…7.3
- CVE-2026-13528A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-…7.3
- CVE-2026-13530A vulnerability was identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13531A security flaw has been discovered in itsourcecode Hospital…6.3
- CVE-2026-13532A weakness has been identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13533A security vulnerability has been detected in agentejo Cockp…5.5
- CVE-2026-13534A vulnerability was detected in CherryHQ cherry-studio up to…5
- CVE-2026-13535A flaw has been found in CodeAstro Human Resource Management…6.3
Are you affected by CVE-2026-13529?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
