Vulnerabilities for Eyoucms (...) - CXSECURITY.COM

Vulnerabilities for 'Eyoucms'

2022-06-24

CVE-2022-33122

CWE-79

A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.

2022-03-28

CVE-2022-26273

NVD-CWE-noinfo

EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.

2022-03-24

CVE-2022-26279

CWE-863

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.

2022-01-14

CVE-2021-46255

NVD-CWE-noinfo

eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

2021-11-03

CVE-2020-24000

CWE-89

SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.

2021-09-07

CVE-2021-39496

CWE-79

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

CVE-2021-39497

CWE-918

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

CVE-2021-39499

CWE-79

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

CVE-2021-39500

CWE-22

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

CVE-2021-39501

CWE-601

EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.

Copyright 2024, cxsecurity.com