Eyoucms

Vendor: Eyoucms • 75 CVEs

CVEs (75)

| CVE description | Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 |
|---|---|---|---|---|---|---|---|
| eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Jan 14, 2022 | N/A | 8.1 HIGH | 5.5 MEDIUM |
| SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Nov 3, 2021 | N/A | 9.8 CRITICAL | 7.5 HIGH |
| EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Sep 7, 2021 | N/A | 6.1 MEDIUM | 5.8 MEDIUM |
| Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Sep 7, 2021 | N/A | 7.5 HIGH | 5.0 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Sep 7, 2021 | N/A | 6.1 MEDIUM | 4.3 MEDIUM |
| eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Sep 7, 2021 | N/A | 9.8 CRITICAL | 7.5 HIGH |
| Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Sep 7, 2021 | N/A | 5.4 MEDIUM | 3.5 LOW |
| Cross Site Scripting (XSS) vulnerability exists in EyouCMS 1.3.6 in the basic_information area. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Aug 19, 2021 | N/A | 5.4 MEDIUM | 3.5 LOW |
| Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Aug 19, 2021 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Aug 18, 2021 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Aug 18, 2021 | N/A | 6.1 MEDIUM | 4.3 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Aug 10, 2021 | N/A | 5.4 MEDIUM | 3.5 LOW |
| A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Aug 10, 2021 | N/A | 5.4 MEDIUM | 3.5 LOW |
| A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Oct 22, 2020 | N/A | 8.8 HIGH | 6.8 MEDIUM |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | 1 (Eyoucms) | 1 (Eyoucms) | Nov 21, 2024 | Oct 10, 2019 | N/A | 6.1 MEDIUM | 4.3 MEDIUM |