skycaiji CVE Vulnerabilities & Metrics

Focus on skycaiji vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About skycaiji Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with skycaiji. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total skycaiji CVEs: 8
Earliest CVE date: 22 May 2018, 16:29 UTC
Latest CVE date: 26 Jun 2024, 20:15 UTC

Latest CVE reference: CVE-2024-39242

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 200.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 200.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical skycaiji CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.7

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS skycaiji CVEs

These are the five CVEs with the highest CVSS scores for skycaiji, sorted by severity first and recency.

CVE-2018-11371 skycaiji Published on 22 May 2018, 16:29 UTC (CVSS: 6.8)
SkyCaiji 1.2 allows CSRF to add an Administrator user.
CVE-2022-28096 skycaiji Published on 04 May 2022, 13:15 UTC (CVSS: 6.5)
Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.
CVE-2020-18878 skycaiji Published on 20 Aug 2021, 14:15 UTC (CVSS: 5.0)
Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.
CVE-2024-6252 skycaiji Published on 22 Jun 2024, 12:15 UTC (CVSS: 3.3)
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerabili...
CVE-2024-39242 skycaiji Published on 26 Jun 2024, 20:15 UTC (CVSS: 0)
A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).

All CVEs for skycaiji

CVE-2024-39242 skycaiji vulnerability CVSS: 0 26 Jun 2024, 20:15 UTC

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()).

CVE-2024-39241 skycaiji vulnerability CVSS: 0 26 Jun 2024, 20:15 UTC

Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview.

CVE-2024-6252 skycaiji vulnerability CVSS: 3.3 22 Jun 2024, 12:15 UTC

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269419.

CVE-2023-33394 skycaiji vulnerability CVSS: 0 26 May 2023, 15:15 UTC

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.

CVE-2022-44351 skycaiji vulnerability CVSS: 0 07 Dec 2022, 19:15 UTC

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.

CVE-2022-28096 skycaiji vulnerability CVSS: 6.5 04 May 2022, 13:15 UTC

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.

CVE-2020-18878 skycaiji vulnerability CVSS: 5.0 20 Aug 2021, 14:15 UTC

Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.

CVE-2018-11371 skycaiji vulnerability CVSS: 6.8 22 May 2018, 16:29 UTC

SkyCaiji 1.2 allows CSRF to add an Administrator user.