Eyoucms
This hub aggregates every CVE we track for Eyoucms, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
75
CVEs tracked
5
Critical
12
High
0
In CISA KEV
Severity distribution
MEDIUM53HIGH12LOW5CRITICAL5
Monthly trend
0
0
0
2
2
0
0
0
0
0
0
0
0
2
0
0
0
5
1
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Eyoucms.
- CVE-2026-1107EyouCMS Member Avatar Diyajax.php check_userinfo unrestricted upload6.3
- CVE-2025-15375EyouCMS arcpagelist Ajax.php unserialize deserialization6.3
- CVE-2025-15374EyouCMS Ask Module Ask.php cross site scripting3.5
- CVE-2025-15373EyouCMS function.php saveRemote server-side request forgery6.3
- CVE-2025-15143EyouCMS Backend Template Management FilemanagerLogic.php sql injection4.7
- CVE-2025-65868XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.7.5
- CVE-2025-52335EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.6.1
- CVE-2024-52680EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.6.1
- CVE-2024-11211EyouCMS Website Logo unrestricted upload4.7
- CVE-2024-11210EyouCMS FilemanagerLogic.php editFile path traversal5.4
- CVE-2024-48196An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.7.5
- CVE-2024-48195Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.6.1
- CVE-2024-3431EyouCMS Backend deserialization4.7
- CVE-2023-42286There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload.9.8
- CVE-2024-23031Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.6.1
Product normalization is registry-driven with AI assist and human review. How it works