eyoucms 1.5.4 lacks sanitization of input data, allowing an malicious user to inject a url to trigger blind SSRF via the saveRemote() function.
eyoucms eyoucms 1.5.4