RSS   Podatności dla 'Eyoucms'   RSS

2022-06-24
 
CVE-2022-33122

CWE-79
 
 
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.

 
2022-03-28
 
CVE-2022-26273

NVD-CWE-noinfo
 
 
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.

 
2022-03-24
 
CVE-2022-26279

CWE-863
 
 
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.

 
2022-01-14
 
CVE-2021-46255

NVD-CWE-noinfo
 
 
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

 
2021-11-03
 
CVE-2020-24000

CWE-89
 
 
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.

 
2021-09-07
 
CVE-2021-39496

CWE-79
 
 
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

 
 
CVE-2021-39497

CWE-918
 
 
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

 
 
CVE-2021-39499

CWE-79
 
 
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

 
 
CVE-2021-39500

CWE-22
 
 
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

 
 
CVE-2021-39501

CWE-601
 
 
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.

 

Copyright 2024, cxsecurity.com

 

Back to Top