📦 Eyoucms

This vulnerability allows attackers to include arbitrary PHP files in eyoucms v1.6.4 through template configuration manipulation, leading to remote code execution. Attackers can execute system command...

EyouCMS v1.5.5 lacks access control on the /data/sqldata component, allowing unauthenticated attackers to directly access sensitive database files. This affects all deployments using the vulnerable ve...

This SQL injection vulnerability in eyoucms v1.4.7 allows attackers to execute arbitrary SQL commands via the tid parameter in index.php. Attackers can potentially read, modify, or delete database con...

CVE-2021-39497 is a Server-Side Request Forgery (SSRF) vulnerability in eyoucms 1.5.4 that allows attackers to inject URLs via the saveRemote() function, potentially accessing internal systems. This a...

This XML external entity (XXE) injection vulnerability in eyoucms v1.7.1 allows remote attackers to cause denial of service by sending specially crafted POST requests. Attackers can exploit this to cr...

A remote attacker can exploit this vulnerability in eyouCMS v1.6.7 by sending a crafted script to the post parameter, potentially exposing sensitive information. This affects all systems running the v...

This XXE vulnerability in EyouCMS allows attackers to read sensitive files from the server or perform server-side request forgery by sending malicious XML data. It affects all users running vulnerable...

Eyoucms 1.5.4 contains a directory traversal vulnerability that allows attackers to write files outside intended directories by injecting '../' sequences in parameters. This affects all systems runnin...

This vulnerability in EyouCMS allows attackers to perform unrestricted file uploads via manipulation of the 'viewfile' parameter in the Member Avatar Handler component. This can lead to remote code ex...

CVE-2025-15375 is a remote code execution vulnerability in EyouCMS versions up to 1.7.7, caused by insecure deserialization in the arcpagelist handler. Attackers can exploit this flaw by sending speci...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in EyouCMS versions up to 1.7.7. Attackers can exploit the saveRemote function in application/function.php to make the server send...

This SQL injection vulnerability in EyouCMS allows attackers to manipulate database queries through the backend template management component. It affects EyouCMS versions up to 1.7.6 and can be exploi...

EyouCMS 1.6.7 contains a cross-site scripting vulnerability in the admin system configuration interface that allows attackers to inject malicious scripts. This affects administrators who access the vu...

A critical vulnerability in EyouCMS allows unrestricted file uploads via the Website Logo Handler component, enabling attackers to upload malicious files remotely. This affects EyouCMS versions up to ...

This vulnerability allows attackers to inject malicious scripts into the Ask module of EyouCMS through content manipulation, resulting in cross-site scripting (XSS). The attack can be executed remotel...