Filtered by vendor Eyoucms
Subscribe
Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15375 | 1 Eyoucms | 1 Eyoucms | 2026-01-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | |||||
| CVE-2025-15374 | 1 Eyoucms | 1 Eyoucms | 2026-01-02 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing manipulation of the argument content results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | |||||
| CVE-2025-15373 | 1 Eyoucms | 1 Eyoucms | 2026-01-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | |||||
| CVE-2025-15143 | 1 Eyoucms | 1 Eyoucms | 2025-12-30 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-65868 | 1 Eyoucms | 1 Eyoucms | 2025-12-16 | N/A | 7.5 HIGH |
| XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request. | |||||
| CVE-2025-52335 | 1 Eyoucms | 1 Eyoucms | 2025-08-18 | N/A | 6.1 MEDIUM |
| EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. | |||||
| CVE-2024-52680 | 1 Eyoucms | 1 Eyoucms | 2025-08-14 | N/A | 6.1 MEDIUM |
| EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. | |||||
| CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2025-06-20 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-3431 | 1 Eyoucms | 1 Eyoucms | 2025-06-05 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2025-06-04 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23034 | 1 Eyoucms | 1 Eyoucms | 2025-05-29 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-23033 | 1 Eyoucms | 1 Eyoucms | 2025-05-29 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2024-22927 | 1 Eyoucms | 1 Eyoucms | 2025-05-15 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | |||||
| CVE-2022-41500 | 1 Eyoucms | 1 Eyoucms | 2025-05-15 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | |||||
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 6.5 MEDIUM |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | |||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | |||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
| CVE-2022-45280 | 1 Eyoucms | 1 Eyoucms | 2025-04-25 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-39428 | 1 Eyoucms | 1 Eyoucms | 2025-04-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic. | |||||
| CVE-2024-48196 | 1 Eyoucms | 1 Eyoucms | 2025-04-18 | N/A | 7.5 HIGH |
| An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. | |||||