VYPR

Eyoucms

by Eyoucms

CVEs (77)

  • CVE-2026-7389HigApr 29, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads to sql injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-1107MedJan 18, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from…

  • CVE-2025-15375MedDec 31, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be…

  • CVE-2025-15373MedDec 31, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2026-7388MedApr 29, 2026
    risk 0.31cvss 4.7epss 0.00

    A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The…

  • CVE-2026-6561MedApr 19, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out…

  • CVE-2025-15143MedDec 28, 2025
    risk 0.31cvss 4.7epss 0.00

    A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It…

  • CVE-2025-15374LowDec 31, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/model/Ask.php of the component Ask Module. Performing a manipulation of the argument content results in cross site scripting. The attack can be initiated…

  • CVE-2023-37645Jul 20, 2023
    risk 0.04cvss epss 0.24

    eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.

  • CVE-2021-39501Sep 7, 2021
    risk 0.03cvss epss 0.03

    EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.

  • CVE-2024-22927Feb 1, 2024
    risk 0.01cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.

  • CVE-2023-41597Nov 15, 2023
    risk 0.01cvss epss 0.01

    EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t.

  • CVE-2025-65868Dec 3, 2025
    risk 0.00cvss epss 0.00

    XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

  • CVE-2025-52335Aug 14, 2025
    risk 0.00cvss epss 0.00

    EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.

  • CVE-2024-52680Aug 7, 2025
    risk 0.00cvss epss 0.00

    EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.

  • CVE-2024-11211Nov 14, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the…

  • CVE-2024-11210Nov 14, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely.…

  • CVE-2024-48196Oct 28, 2024
    risk 0.00cvss epss 0.01

    An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.

  • CVE-2024-48195Oct 28, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.

  • CVE-2024-3431Apr 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack…

Page 1 of 4