Vulnerabilities > Eyoucms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2022-26273 | Unspecified vulnerability in Eyoucms 1.5.4 EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | 9.8 |
| 2022-03-24 | CVE-2022-26279 | Forced Browsing vulnerability in Eyoucms 1.5.5 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | 9.8 |
| 2021-11-03 | CVE-2020-24000 | SQL Injection vulnerability in Eyoucms 1.4.7 SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | 9.8 |
| 2021-09-07 | CVE-2021-39497 | Server-Side Request Forgery (SSRF) vulnerability in Eyoucms 1.5.4 eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | 9.8 |