Vulnerabilities > Eyoucms > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-14 CVE-2024-11211 Unrestricted Upload of File with Dangerous Type vulnerability in Eyoucms
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7.
network
low complexity
eyoucms CWE-434
7.2
7.2
2022-11-14 CVE-2022-43323 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
network
low complexity
eyoucms CWE-352
8.8
8.8
2022-11-14 CVE-2022-44387 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.
network
low complexity
eyoucms CWE-352
8.8
8.8
2022-10-18 CVE-2022-41500 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
network
low complexity
eyoucms CWE-352
8.8
8.8
2022-08-19 CVE-2022-36225 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.8
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
network
low complexity
eyoucms CWE-352
8.8
8.8
2022-03-20 CVE-2021-42194 XXE vulnerability in Eyoucms 1.5.4
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
network
low complexity
eyoucms CWE-611
7.2
7.2
2022-01-14 CVE-2021-46255 Unspecified vulnerability in Eyoucms 1.5.5Utf8Sp31
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
network
low complexity
eyoucms
8.1
8.1
2021-09-07 CVE-2021-39500 Path Traversal vulnerability in Eyoucms 1.5.4
Eyoucms 1.5.4 is vulnerable to Directory Traversal.
network
low complexity
eyoucms CWE-22
7.5
7.5
2021-08-19 CVE-2020-20642 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
network
low complexity
eyoucms CWE-352
8.8
8.8
2021-08-18 CVE-2020-19669 Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.3.6
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
network
low complexity
eyoucms CWE-352
8.8
8.8