Lvyecms Project Lvyecms — known CVE vulnerabilities
Every CVE whose affected-product data names Lvyecms Project Lvyecms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2017-16903 — CVSS 9.8 (critical): LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir…
CVE-2017-16904 — CVSS 6.1 (medium): The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log…