Vulnerabilities > Eyoucms

DATE CVE VULNERABILITY TITLE RISK
2022-11-14 CVE-2022-44390 Cross-site Scripting vulnerability in Eyoucms 1.5.9
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field.
network
low complexity
eyoucms CWE-79
5.4
2022-10-18 CVE-2022-41500 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
network
low complexity
eyoucms CWE-352
8.8
2022-08-19 CVE-2022-36225 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.8
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross-Site Request Forgery (CSRF) via the background, column management function and add.
network
low complexity
eyoucms CWE-352
8.8
2022-08-10 CVE-2022-35509 Cross-site Scripting vulnerability in Eyoucms 1.5.8
An issue was discovered in EyouCMS 1.5.8.
network
low complexity
eyoucms CWE-79
5.4
2022-06-24 CVE-2022-33122 Cross-site Scripting vulnerability in Eyoucms 1.5.6
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
network
low complexity
eyoucms CWE-79
4.8
2022-03-28 CVE-2022-26273 Unspecified vulnerability in Eyoucms 1.5.4
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
network
low complexity
eyoucms
critical
9.8
2022-03-24 CVE-2022-26279 Forced Browsing vulnerability in Eyoucms 1.5.5
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
network
low complexity
eyoucms CWE-425
critical
9.8
2022-03-20 CVE-2021-42194 XXE vulnerability in Eyoucms 1.5.4
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
network
low complexity
eyoucms CWE-611
7.2
2022-01-14 CVE-2021-46255 Unspecified vulnerability in Eyoucms 1.5.5Utf8Sp31
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
network
low complexity
eyoucms
8.1
2021-11-03 CVE-2020-24000 SQL Injection vulnerability in Eyoucms 1.4.7
SQL Injection vulnerability in eyoucms cms v1.4.7 allows attackers to execute arbitrary code and disclose sensitive information via the tid parameter to index.php.
network
low complexity
eyoucms CWE-89
critical
9.8