Product
eyoucms
75 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1107
CVE-2025-15375
CVE-2025-15374
CVE-2025-15373
CVE-2025-15143
CVE-2025-65868
CVE-2025-52335
CVE-2024-52680
CVE-2024-11211
CVE-2024-11210
CVE-2024-48196
CVE-2024-48195
CVE-2024-3431
CVE-2023-42286
CVE-2024-23034
CVE-2024-23033
CVE-2024-23032
CVE-2024-23031
CVE-2024-22927
CVE-2023-50566
CVE-2023-48882
CVE-2023-48881
CVE-2023-48880
CVE-2023-46935
CVE-2023-41597
CVE-2023-37645
CVE-2023-37136
CVE-2023-37135
CVE-2023-37134
CVE-2023-37133
CVE-2023-37132
CVE-2023-36093
CVE-2023-34657
CVE-2023-33492
CVE-2023-31708
CVE-2023-30125
CVE-2023-2058
CVE-2023-2057
CVE-2023-1799
CVE-2023-1798
CVE-2022-45755
CVE-2022-45542
CVE-2022-45541
CVE-2022-45540
CVE-2022-45539
CVE-2022-45538
CVE-2022-45537
CVE-2021-39428
CVE-2022-45280
CVE-2022-44390
CVE-2022-44389
CVE-2022-44387
CVE-2022-43323
CVE-2022-41500
CVE-2022-36225
CVE-2022-35509
CVE-2022-33122
CVE-2022-26273
CVE-2022-26279
CVE-2021-42194
CVE-2021-46255
CVE-2020-24000
CVE-2021-39501
CVE-2021-39500
CVE-2021-39499
CVE-2021-39497
CVE-2021-39496
CVE-2020-20645
CVE-2020-20642
CVE-2020-19669
CVE-2020-28146
CVE-2020-21930
CVE-2020-21929
CVE-2020-18129
CVE-2019-17430
all versions
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the
< 1.7.8
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/control
< 1.7.8
A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application/home/mode
< 1.7.8
A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/fun
<= 1.7.6
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/a
all versions
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a P
all versions
EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information.
all versions
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.
<= 1.6.7
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Web
all versions
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file app
all versions
An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
all versions
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted scrip
all versions
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file
all versions
There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or
all versions
Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via cr
all versions
Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via cra
all versions
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted
all versions
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code v
all versions
Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code v
all versions
A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or
all versions
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or
all versions
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or
all versions
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or
all versions
eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users.
all versions
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php
all versions
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.file
all versions
A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to ex
all versions
A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitra
all versions
A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute ar
all versions
A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute ar
all versions
A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arb
all versions
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend
all versions
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via
all versions
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
all versions
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTM
all versions
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).
<= 1.6.2
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknow
all versions
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file log
<= 1.5.4
A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file l
<= 1.5.4
A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknow
all versions
Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page descriptio
<= 1.6.0
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filename" when editing any file.
<= 1.6.0
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST value "value" if the value conta
<= 1.6.0
EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name" if the value contains a malf
<= 1.6.0
EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
<= 1.6.0
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBACK_URL".
<= 1.6.0
EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST_URL".
all versions
Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain esca
all versions
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitr
all versions
A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML vi
all versions
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vuln
all versions
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under th
all versions
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the E
all versions
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editor
all versions
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
all versions
An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulnerability that can allows an attacker to execute arbitrary We
all versions
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via
all versions
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
all versions
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
all versions
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml
all versions
eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.
all versions
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information,
all versions
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
all versions
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid a
all versions
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web scr
all versions
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() fu
all versions
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into
filename param to trigger Refall versions
Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the basic_information area.
all versions
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.
all versions
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Adm
<= 1.4.7
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
all versions
A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to exec
all versions
A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to e
all versions
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
< 1.3.6
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.