A vulnerability categorized as critical has been discovered in YzmCMS up to 7.5 . This affects an unknown function of the file /application/install/index.php . Executing a manipulation of the argument siteurl can lead to sql injection. This vulnerability is handled as CVE-2026-13529 . The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.