CVE-2025-15375

Medium CVSS: 5.3

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Vendor

Eyoucms

Product

Eyoucms

CWE

CWE-20

Yayın Tarihi

2025-12-31 05:16:05

Güncelleme

2026-02-24 07:17:08

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-20 Eyoucms MEDIUM Eyoucms 2025

Referanslar

https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh#-span--strong-proof-of-concept---strong---span- https://vuldb.com/?ctiid.339083 https://vuldb.com/?id.339083 https://vuldb.com/?submit.718481 https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh#-span--strong-proof-of-concept---strong---span-

Benzer Kayıtlar

Medium

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.p…

Medium

CVE-2025-15374

A vulnerability was detected in EyouCMS up to 1.7.7. The affected element is an unknown function of the file application…

Medium

CVE-2025-15373

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file appli…

Medium

CVE-2025-15143

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /app…

High

CVE-2025-65868

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted b…

Medium

CVE-2025-52335

EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive inform…