eyoucms

Top products

The 15 most recently published vulnerabilities affecting eyoucms.

• CVE-2026-1107EyouCMS Member Avatar Diyajax.php check_userinfo unrestricted upload6.3Jan 18, 2026
• CVE-2025-15375EyouCMS arcpagelist Ajax.php unserialize deserialization6.3Dec 31, 2025
• CVE-2025-15374EyouCMS Ask Module Ask.php cross site scripting3.5Dec 31, 2025
• CVE-2025-15373EyouCMS function.php saveRemote server-side request forgery6.3Dec 31, 2025
• CVE-2025-15143EyouCMS Backend Template Management FilemanagerLogic.php sql injection4.7Dec 28, 2025
• CVE-2025-65868XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.7.5Dec 3, 2025
• CVE-2025-52335EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.6.1Aug 14, 2025
• CVE-2024-52680EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.6.1Aug 7, 2025
• CVE-2024-11211EyouCMS Website Logo unrestricted upload4.7Nov 14, 2024
• CVE-2024-11210EyouCMS FilemanagerLogic.php editFile path traversal5.4Nov 14, 2024
• CVE-2024-48196An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.7.5Oct 28, 2024
• CVE-2024-48195Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.6.1Oct 28, 2024
• CVE-2024-3431EyouCMS Backend deserialization4.7Apr 7, 2024
• CVE-2023-42286There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.9.8Mar 14, 2024
• CVE-2024-23034Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.6.1Feb 1, 2024