Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3431 | 1 Eyoucms | 1 Eyoucms | 2025-06-05 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2025-06-04 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23034 | 1 Eyoucms | 1 Eyoucms | 2025-05-29 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23033 | 1 Eyoucms | 1 Eyoucms | 2025-05-29 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-22927 | 1 Eyoucms | 1 Eyoucms | 2025-05-15 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2025-05-15 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 6.5 MEDIUM |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | |||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | |||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2024-48196 | 1 Eyoucms | 1 Eyoucms | 2025-04-18 | N/A | 7.5 HIGH |
| An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | |||||
| CVE-2024-48195 | 1 Eyoucms | 1 Eyoucms | 2025-04-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | |||||
| CVE-2023-42286 | 1 Eyoucms | 1 Eyoucms | 2025-04-16 | N/A | 9.8 CRITICAL |
| There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | |||||
| CVE-2022-45542 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 5.4 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file. | |||||
| CVE-2022-45541 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char. | |||||
| CVE-2022-45540 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char. | |||||
| CVE-2022-45539 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file. | |||||
| CVE-2022-45538 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL". | |||||
| CVE-2022-45537 | 1 Eyoucms | 1 Eyoucms | 2025-04-03 | N/A | 6.1 MEDIUM |
| EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL". | |||||