Vulnerabilities > Eyoucms

DATE CVE VULNERABILITY TITLE RISK
2022-03-28 CVE-2022-26273 Unspecified vulnerability in Eyoucms 1.5.4
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
network
low complexity
eyoucms
7.5
2022-03-24 CVE-2022-26279 Incorrect Authorization vulnerability in Eyoucms 1.5.5
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
network
low complexity
eyoucms CWE-863
7.5
2022-03-20 CVE-2021-42194 XXE vulnerability in Eyoucms 1.5.4
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes user input directly to the simplexml_load_string function, which does not itself prohibit external entities, resulting in an XML external entity (XXE) injection vulnerability.
network
low complexity
eyoucms CWE-611
6.5
2022-01-14 CVE-2021-46255 Unspecified vulnerability in Eyoucms 1.5.5Utf8Sp31
eyouCMS V1.5.5-UTF8-SP3_1 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter.
network
low complexity
eyoucms
5.5
2021-11-03 CVE-2020-24000 SQL Injection vulnerability in Eyoucms 1.4.7
SQL injection vulnerability in eyoucms cms v1.4.7 allows attackers to execute arbitrary code and disclose sensitive information via the tid parameter to index.php.
network
low complexity
eyoucms CWE-89
7.5
2021-09-07 CVE-2021-39500 Path Traversal vulnerability in Eyoucms 1.5.4
Eyoucms 1.5.4 is vulnerable to Directory Traversal.
network
low complexity
eyoucms CWE-22
5.0
2021-09-07 CVE-2021-39501 Open Redirect vulnerability in Eyoucms 1.5.4
EyouCMS 1.5.4 is vulnerable to Open Redirect.
network
eyoucms CWE-601
5.8
2021-09-07 CVE-2021-39496 Cross-site Scripting vulnerability in Eyoucms 1.5.4
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into the `filename` parameter to trigger reflected XSS.
network
eyoucms CWE-79
3.5
2021-09-07 CVE-2021-39497 Server-Side Request Forgery (SSRF) vulnerability in Eyoucms 1.5.4
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function.
network
low complexity
eyoucms CWE-918
7.5
2021-09-07 CVE-2021-39499 Cross-site Scripting vulnerability in Eyoucms 1.5.4
A cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in the bind_email function.
network
eyoucms CWE-79
4.3