Vulnerabilities > Eyoucms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-14 | CVE-2022-43323 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | 8.8 |
| 2022-11-14 | CVE-2022-44387 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9 EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | 8.8 |
| 2022-10-18 | CVE-2022-41500 | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.9 EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. | 8.8 |
| 2022-03-28 | CVE-2022-26273 | Unspecified vulnerability in Eyoucms 1.5.4 EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | 7.5 |
| 2021-11-03 | CVE-2020-24000 | SQL Injection vulnerability in Eyoucms 1.4.7 SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | 7.5 |
| 2021-09-07 | CVE-2021-39497 | Server-Side Request Forgery (SSRF) vulnerability in Eyoucms 1.5.4 eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function. | 7.5 |