Eyoucms

eyoucms

75 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Eyoucms

eyoucms

75 CVEs

CVEs (75)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-1107 1Eyoucms 1Eyoucms Apr 29, 2026 Jan 18, 2026 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lea...Show more A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-15375 1Eyoucms 1Eyoucms Apr 29, 2026 Dec 31, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argumen...Show more A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".Show less
CVE-2025-15374 1Eyoucms 1Eyoucms Apr 29, 2026 Dec 31, 2025 2.0 LOW· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content r...Show more A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".Show less
CVE-2025-15373 1Eyoucms 1Eyoucms Apr 29, 2026 Dec 31, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 6.5 MEDIUM· v2 A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launc...Show more A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".Show less
CVE-2025-15143 1Eyoucms 1Eyoucms Apr 29, 2026 Dec 28, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipula...Show more A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-65868 1Eyoucms 1Eyoucms Dec 16, 2025 Dec 3, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
CVE-2025-52335 1Eyoucms 1Eyoucms Aug 18, 2025 Aug 14, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.
CVE-2024-52680 1Eyoucms 1Eyoucms Aug 14, 2025 Aug 7, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
CVE-2024-11211 1Eyoucms 1Eyoucms Nov 19, 2024 Nov 14, 2024 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch...Show more A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-11210 1Eyoucms 1Eyoucms Nov 19, 2024 Nov 14, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath lea...Show more A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-48196 1Eyoucms 1Eyoucms Apr 18, 2025 Oct 28, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
CVE-2024-48195 1Eyoucms 1Eyoucms Apr 17, 2025 Oct 28, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
CVE-2024-3431 1Eyoucms 1Eyoucms Jun 5, 2025 Apr 7, 2024 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of th...Show more A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-42286 1Eyoucms 1Eyoucms Apr 16, 2025 Mar 14, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
CVE-2024-23034 1Eyoucms 1Eyoucms May 29, 2025 Feb 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23033 1Eyoucms 1Eyoucms May 29, 2025 Feb 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23032 1Eyoucms 1Eyoucms Jun 20, 2025 Feb 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-23031 1Eyoucms 1Eyoucms Jun 4, 2025 Feb 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-22927 1Eyoucms 1Eyoucms May 15, 2025 Feb 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2023-50566 1Eyoucms 1Eyoucms Nov 21, 2024 Dec 14, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...Show more A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.Show less

12 3 4 Next