CVE-2025-15373

Medium CVSS: 5.3

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Vendor

Eyoucms

Product

Eyoucms

CWE

CWE-918

Yayın Tarihi

2025-12-31 04:15:53

Güncelleme

2026-01-02 15:15:58

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Eyoucms MEDIUM Eyoucms 2025

Referanslar

https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span- https://vuldb.com/?ctiid.339081 https://vuldb.com/?id.339081 https://vuldb.com/?submit.718465 https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span-

Benzer Kayıtlar

Medium

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.p…

Medium

CVE-2025-15375

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/a…

Medium

CVE-2025-15374

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application…

Medium

CVE-2025-15143

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /app…

High

CVE-2025-65868

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted b…

Medium

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive inform…