Shodan
Vulnerabilities
Vulnerable Software
Eyoucms:  >> Eyoucms  >> 1.5.4  Security Vulnerabilities
CVE-2022-45538
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
CVE-2022-45539
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
CVE-2022-45540
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malformed UTF-8 char.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
CVE-2022-45541
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value contains a non-integer char.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-01-20
CVE-2022-45542
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-01-20
CVE-2021-39428
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for edit_users_head_pic.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-12-15
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-28
CVE-2021-42194
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-03-20
CVE-2021-39500
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-09-07
CVE-2021-39501
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
CVSS Score
6.1
EPSS Score
0.625
Published
2021-09-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved