Eyoucms
Monthly
Unrestricted file upload in EyouCMS versions up to 1.7.1/5.0 allows authenticated remote attackers to upload arbitrary files through manipulation of the viewfile parameter in the Member Avatar Handler component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. An authenticated attacker could leverage this to upload malicious files and potentially achieve remote code execution.
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via a crafted POST request body.
EyouCMS 1.7.3 is vulnerable to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch available.
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.