CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-42194

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.5%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://github.com/eyoucms/eyoucms/issues/19
https://github.com/eyoucms/eyoucms/issues/19

Products affected by CVE-2021-42194

Eyoucms » Eyoucms » Version: 1.5.4

cpe:2.3:a:eyoucms:eyoucms:1.5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42194

Products

Pricing

Contact Us