Filtered by vendor Myt Project
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25713 | 1 Myt Project | 1 Myt | 2026-04-17 | N/A | 7.1 HIGH |
| MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data. | |||||
| CVE-2019-13346 | 1 Myt Project | 1 Myt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MyT 1.5.1, the User[username] parameter has XSS. | |||||