Gitee Exploits

62 exploits tracked across all sources.

CVE-2025-4291 GITEE MEDIUM php
IdeaCMS <1.6 - Unrestricted Upload
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by ideacms_admin
423 stars
CVSS 6.3
CVE-2025-5569 GITEE MEDIUM php
IdeaCMS <1.8 - SQL Injection
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.
by ideacms_admin
423 stars
CVSS 6.3
CVE-2025-5013 GITEE MEDIUM php
HkCms <2.3.2.240702 - XSS
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Hk_Cms
412 stars
CVSS 4.3
CVE-2025-45887 GITEE CRITICAL php
Wanglongcn Yifang - SSRF
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
by wanglongcn
305 stars
CVSS 9.1
CVE-2025-5381 GITEE LOW php
Wanglongcn Yifang < 2.0.2 - Path Traversal
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by wanglongcn
305 stars
CVSS 2.7
CVE-2025-5383 GITEE LOW php
Wanglongcn Yifang < 2.0.2 - Code Injection
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by wanglongcn
305 stars
CVSS 2.4
CVE-2025-45239 GITEE MEDIUM php
Qianfox Foxcms - Path Traversal
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
by XinFox
238 stars
CVSS 5.3
CVE-2025-10787 GITEE MEDIUM php
MuYuCMS <2.7 - SSRF
A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Friend Link Handler. Manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used.
by monst
58 stars
CVSS 6.3
CVE-2025-10993 GITEE MEDIUM php
MuYuCMS <2.7 - Code Injection
A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the attack remotely.
by monst
58 stars
CVSS 4.7
CVE-2025-15130 GITEE MEDIUM php
shanyu SyCms <a242ef2d194e8bb249dc175e7c49f2c1673ec921 - Code Injec...
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery. The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
by shanyu
57 stars
CVSS 4.7
CVE-2025-15142 GITEE HIGH php
phpok3w - SQL Injection
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product uses a rolling release to provide continuous delivery, so no version details for affected or updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
by 9786
9 stars
CVSS 7.3