CVE-2021-39500

7.5 HIGH

📋 TL;DR

Eyoucms 1.5.4 contains a directory traversal vulnerability: the tpldir, filename, type and nid parameters are used to build file paths without sanitization, so an attacker can inject '../' sequences and write files outside the intended directory. All Eyoucms 1.5.4 installations running the default configuration are affected.

💻 Affected Systems

Products:
  • Eyoucms
Versions: 1.5.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires writable directories in web root. All default installations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if attacker can write executable files to web-accessible directories.

🟠

Likely Case

Arbitrary file write allowing defacement, data theft, or privilege escalation by overwriting configuration files.

🟢

If Mitigated

Limited impact if file permissions restrict write access to critical directories.

🌐 Internet-Facing: HIGH - Web application directly exposed to internet with unauthenticated exploitation possible.
🏢 Internal Only: MEDIUM - Still vulnerable but attack surface reduced to internal network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple path traversal payloads work without authentication. Public exploit code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.5.5 or later

Vendor Advisory: https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4 (note: this link is the release page for the affected version; take the patched build from a later release on the same project releases page)

Restart Required: No

Instructions:

1. Download the latest version from the official GitHub releases page.
2. Back up the current installation.
3. Replace the vulnerable files with the patched version.
4. Verify that input validation is working (see How to Verify below).

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add server-side validation that rejects '../' sequences in the tpldir, filename, type and nid parameters. Check the values after URL-decoding (including double-encoded forms such as %252e%252e%252f) and treat backslashes like forward slashes, since a filter on the literal string '../' alone is easy to bypass; better still, allow only an explicit set of safe characters per path segment and confirm the resolved path stays inside the intended directory.

Modify the application code to sanitize these values before they reach any file operation.

Web Application Firewall Rule (applies to: all)

Block requests containing directory traversal patterns.

Add a WAF rule that blocks requests with '../' in URL parameters, including its URL-encoded and double-encoded variants (%2e%2e%2f, %2e%2e/, ..%2f, %252e%252e%252f).
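The following is an added example, not Eyoucms code and not the vendor's fix, showing the two halves of the workaround described above side by side: a naive path concatenation of the kind that produces this class of bug, and a hardened replacement that decodes the input fully, allowlists each path segment and then proves the resolved path is still inside the template root. The install path, the parameter names used as path segments and the `is_rejected` helper are assumptions for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed install location for illustration; not taken from the advisory.
TEMPLATE_ROOT = "/var/www/eyoucms/template"

# One path segment: letters, digits, dot, underscore, dash. No slashes and no
# percent signs, so an encoded traversal cannot survive this check either.
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e%252f (double-encoded) becomes ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def vulnerable_path(tpldir: str, filename: str) -> str:
    """The shape of the bug: user input concatenated straight into a file path."""
    return TEMPLATE_ROOT + "/" + tpldir + "/" + filename


def safe_path(tpldir: str, filename: str) -> str:
    """Hardened replacement: allowlist each segment, then prove containment."""
    segments = []
    for raw in (tpldir, filename):
        value = decode_fully(raw)
        if "\x00" in value:
            raise ValueError("null byte in path component")
        value = value.replace("\\", "/")          # treat backslash like slash
        if value in (".", "..") or not SEGMENT_RE.match(value):
            raise ValueError(f"rejected path component: {raw!r}")
        segments.append(value)
    resolved = posixpath.normpath(posixpath.join(TEMPLATE_ROOT, *segments))
    # Belt and braces: even if the allowlist were loosened, never leave the root.
    if not resolved.startswith(TEMPLATE_ROOT + "/"):
        raise ValueError("path escapes template root")
    return resolved


def escapes_root(path: str) -> bool:
    """True when a path (traversal included) resolves outside TEMPLATE_ROOT."""
    return not posixpath.normpath(path).startswith(TEMPLATE_ROOT + "/")


def is_rejected(tpldir: str, filename: str = "shell.php") -> bool:
    """Helper (assumed, for demonstration): does safe_path refuse this input?"""
    try:
        safe_path(tpldir, filename)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(safe_path("default", "index.htm"))
    print("naive join escapes root:", escapes_root(vulnerable_path("../../public", "shell.php")))
    for attempt in ("../../public", "%2e%2e%2f%2e%2e%2fpublic",
                    "%252e%252e%252fpublic", "..\\..\\public", "/etc"):
        print(f"{attempt!r:32} rejected={is_rejected(attempt)}")
```

On a live system, resolve with os.path.realpath and compare against the realpath of the root as well, so a symlink inside the template directory cannot be used to step outside it; the pure-string check above deliberately avoids touching the filesystem so it can be run anywhere.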

🧯 If You Can't Patch

  • Restrict file permissions to prevent writing outside intended directories
  • Implement strict input validation at the web server level using mod_security or similar

🔍 How to Verify

Check if Vulnerable:

On an instance you are authorized to test, send requests with '../' sequences in the tpldir, filename, type or nid parameters, targeting a harmless file name in a directory you control, and observe whether the file operation succeeds outside the intended directory. Remove any file the test creates.

Check Version:

Check the version shown in the admin panel, or look up the version string in the installed source code.

Verify Fix Applied:

Attempt same traversal attacks after patch - should be blocked or sanitized. Check version number in admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' sequences in parameters
  • File write operations to unexpected directories
  • Failed file operations with traversal attempts

Network Indicators:

  • HTTP requests with encoded traversal sequences (%2e%2e%2f)
  • Multiple failed file operations followed by successful writes

SIEM Query:

(web.uri:*../* OR web.uri:*..\\* OR web.url:*%2e%2e%2f* OR web.url:*%2e%2e/* OR web.url:*..%2f* OR web.url:*%252e%252e%252f*) AND (web.param:tpldir OR web.param:filename OR web.param:type OR web.param:nid)

Field names are illustrative and must be mapped to your SIEM schema. AND binds tighter than OR in most query languages, so the traversal patterns must be grouped in parentheses as above; otherwise the parameter clause only constrains the last pattern.
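As an added example (not from the advisory or the project), the detection logic above applied to web server access logs: parse combined-format lines, pull the query string, decode repeatedly to unmask the encoded and double-encoded variants listed under Network Indicators, and flag any of the four named parameters carrying a '..' segment. The log lines are constructed, the request path is a placeholder, and the log format regex assumes Apache/nginx combined format.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameters the advisory names as the traversal sinks.
WATCHED_PARAMS = ("tpldir", "filename", "type", "nid")

# Apache/nginx combined log format (assumed); only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def has_traversal(value: str) -> bool:
    """parse_qs has already decoded once; decode twice more so %25-double-encoding
    collapses, treat backslashes as slashes, then look for a '..' segment or null byte."""
    value = unquote(unquote(value)).replace("\\", "/")
    return "\x00" in value or ".." in value.split("/")


def scan_access_log(lines):
    """One finding per (request, watched parameter) whose value contains traversal."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                  # not a combined-format line
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                if has_traversal(value):
                    findings.append({
                        "ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                        "param": name, "value": value,
                    })
    return findings


# Constructed sample traffic, not real logs: one benign request, four traversal
# attempts in different encodings, and one '../' in an unrelated parameter.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Aug/2021:10:00:01 +0000] "GET /index.php?tpldir=default&filename=index.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Aug/2021:10:00:05 +0000] "GET /index.php?tpldir=../../public&filename=x.php HTTP/1.1" 200 310 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Aug/2021:10:00:09 +0000] "GET /index.php?tpldir=%2e%2e%2f%2e%2e%2fpublic&filename=x.php HTTP/1.1" 200 310 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Aug/2021:10:00:12 +0000] "GET /index.php?tpldir=%252e%252e%252fpublic&filename=x.php HTTP/1.1" 200 310 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Aug/2021:10:00:15 +0000] "GET /index.php?nid=..%5c..%5cpublic&type=x HTTP/1.1" 500 0 "-" "curl/7.68.0"',
    '192.0.2.44 - - [12/Aug/2021:10:01:00 +0000] "GET /index.php?q=../ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {f['param']}={f['value']!r}")
```

Access logs only carry the query string, so parameters sent in a POST body are invisible here; for those you need WAF or request-body logging. A '..' segment in one of these parameters is a strong signal on its own, but a 200 response followed by a file write in an unexpected directory (the Log Indicators above) is what confirms a successful write.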
