Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eyoucms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-26273
EyouCMS v1.5.4 exists to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
Eyoucms Eyoucms 1.5.4
7.5
CVSSv2
CVE-2022-26279
EyouCMS v1.5.5 exists to have no access control in the component /data/sqldata.
Eyoucms Eyoucms 1.5.5
NA
CVE-2023-31708
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows malicious users to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.
Eyoucms Eyoucms 1.6.2
6.8
CVSSv2
CVE-2020-19669
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
Eyoucms Eyoucms 1.3.6
NA
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 exists to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
Eyoucms Eyoucms 1.5.9
7.5
CVSSv2
CVE-2020-24000
SQL Injection vulnerability in eyoucms cms v1.4.7, allows malicious users to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
Eyoucms Eyoucms 1.4.7
6.8
CVSSv2
CVE-2020-18129
A CSRF vulnerability in Eyoucms v1.2.7 allows an malicious user to add an admin account via login.php.
Eyoucms Eyoucms 1.2.7
NA
CVE-2023-48880
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.
Eyoucms Eyoucms 1.6.4
NA
CVE-2023-48881
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Field Title field at /login.php?m=admin&c=Field&a=arctype_add&_ajax=1&lang=cn.
Eyoucms Eyoucms 1.6.4
NA
CVE-2023-48882
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&_ajax=1&la...
Eyoucms Eyoucms 1.6.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »