Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyoucms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-26273
EyouCMS v1.5.4 exists to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
Eyoucms Eyoucms 1.5.4
7.5
CVSSv2
CVE-2022-26279
EyouCMS v1.5.5 exists to have no access control in the component /data/sqldata.
Eyoucms Eyoucms 1.5.5
7.5
CVSSv2
CVE-2020-24000
SQL Injection vulnerability in eyoucms cms v1.4.7, allows malicious users to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
Eyoucms Eyoucms 1.4.7
7.5
CVSSv2
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject a url to trigger blind SSRF via the saveRemote() function.
Eyoucms Eyoucms 1.5.4
6.8
CVSSv2
CVE-2020-20642
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
Eyoucms Eyoucms 1.3.6
6.8
CVSSv2
CVE-2020-19669
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
Eyoucms Eyoucms 1.3.6
6.8
CVSSv2
CVE-2020-18129
A CSRF vulnerability in Eyoucms v1.2.7 allows an malicious user to add an admin account via login.php.
Eyoucms Eyoucms 1.2.7
6.5
CVSSv2
CVE-2021-42194
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
Eyoucms Eyoucms 1.5.4
5.8
CVSSv2
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
Eyoucms Eyoucms 1.5.4
5.5
CVSSv2
CVE-2021-46255
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
Eyoucms Eyoucms 1.5.5-utf8-sp3 1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »