Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
YiFang CMS update function can be tricked by hackers
CVE-2026-2933
Summary
A security weakness has been found in YiFang CMS's update function, which can be exploited by hackers to inject malicious code. This can happen when an attacker manipulates certain data. To stay safe, update to the latest version of YiFang CMS, version 2.0.6 or later, as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| yifangcms | yifang | <= 2.0.5 | – |
Original title
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulat...
Original description
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
3.3
nvd CVSS3.1
4.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://github.com/ZZCTD/CVE/issues/4 Exploit Issue Tracking Third Party Advisory
- https://vuldb.com/?ctiid.347279 Permissions Required VDB Entry
- https://vuldb.com/?id.347279 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.755295 Third Party Advisory VDB Entry
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026