CVEDB API

Vulnerabilities

Vulnerable Software

Eyoucms: >> Eyoucms Security Vulnerabilities

CVE-2020-24000

SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.

CVSS Score

9.8

EPSS Score

0.023

Published

2021-11-03

CVE-2021-39500

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

CVSS Score

7.5

EPSS Score

0.011

Published

2021-09-07

CVE-2021-39501

EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.

CVSS Score

6.1

EPSS Score

0.625

Published

2021-09-07

CVE-2021-39496

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.

CVSS Score

5.4

EPSS Score

0.002

Published

2021-09-07

CVE-2021-39497

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.

CVSS Score

9.8

EPSS Score

0.012

Published

2021-09-07

CVE-2021-39499

A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.

CVSS Score

6.1

EPSS Score

0.004

Published

2021-09-07

CVE-2020-20642

Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.

CVSS Score

8.8

EPSS Score

0.001

Published

2021-08-19

CVE-2020-20645

Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.

CVSS Score

5.4

EPSS Score

0.003

Published

2021-08-19

CVE-2020-19669

Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.

CVSS Score

8.8

EPSS Score

0.001

Published

2021-08-18

CVE-2020-28146

Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.

CVSS Score

6.1

EPSS Score

0.007

Published

2021-08-18

Prev Next

Page 7

Vulnerabilities

Vulnerable Software

Eyoucms: >> Eyoucms Security Vulnerabilities

Products

Pricing

Contact Us