EyoucmsCVEs & Vulnerabilities

69 CVEs affecting Eyoucms products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

eyoucms 69
CVE-2022-36225HIGH

EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.

19 Aug 2022
8.8
CVSS
CVE-2022-35509MEDIUM

An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary Web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.

10 Aug 2022
5.4
CVSS
CVE-2022-33122MEDIUM

A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.

25 Jun 2022
4.8
CVSS
CVE-2022-26273CRITICAL

EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.

28 Mar 2022
9.8
CVSS
CVE-2022-26279CRITICAL

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.

25 Mar 2022
9.8
CVSS
CVE-2021-42194HIGH

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.

21 Mar 2022
7.2
CVSS
CVE-2021-46255HIGH

eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

14 Jan 2022
8.1
CVSS
CVE-2020-24000CRITICAL

SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.

3 Nov 2021
9.8
CVSS
CVE-2021-39501MEDIUM

EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.

8 Sep 2021
6.1
CVSS
CVE-2021-39500HIGH

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

8 Sep 2021
7.5
CVSS
CVE-2021-39499MEDIUM

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

7 Sep 2021
6.1
CVSS
CVE-2021-39497CRITICAL

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

7 Sep 2021
9.8
CVSS
CVE-2021-39496MEDIUM

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

7 Sep 2021
5.4
CVSS
CVE-2020-20645MEDIUM

Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.

19 Aug 2021
5.4
CVSS
CVE-2020-20642HIGH

Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.

19 Aug 2021
8.8
CVSS
CVE-2020-19669HIGH

Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.

18 Aug 2021
8.8
CVSS
CVE-2020-28146MEDIUM

Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.

18 Aug 2021
6.1
CVSS
CVE-2020-21930MEDIUM

A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

11 Aug 2021
5.4
CVSS
CVE-2020-21929MEDIUM

A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.

11 Aug 2021
5.4
CVSS
CVE-2020-18129HIGH

A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

23 Oct 2020
8.8
CVSS
CVE-2019-17430MEDIUM

EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.

10 Oct 2019
6.1
CVSS
← PrevPage 2 / 2Next →