Eyoucms Security Vulnerabilities
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-24
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-03-20
eyouCMS V1.5.5-UTF8-SP3_1 suffers from arbitrary file deletion due to insufficient filtering of the parameter filename.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-01-14
SQL injection vulnerability in eyoucms cms v1.4.7 allows attackers to execute arbitrary code and disclose sensitive information via the tid parameter to index.php.
CVSS Score
9.8
EPSS Score
0.023
Published
2021-11-03
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in the parameters tpldir, filename, type and nid, an attacker can inject "../" to escape and write files to writable directories.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-09-07
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious URL via the Logout function.
CVSS Score
6.1
EPSS Score
0.442
Published
2021-09-07
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into the `filename` parameter to trigger reflected XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-07
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-09-07
A cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in the bind_email function.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-09-07
A Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the JS code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-19


Shodan ® - All rights reserved