GCVE - cpe:2.3:a:n/a:eyoucms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:eyoucms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Eyoucms (`04d87c07-2fe7-52df-89bf-53f05ef97452`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3431`	vulnerable	2026-06-08 06:41:53.296578	EyouCMS Backend deserialization MEDIUM (4.7) A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-04-07T22:00:07.735Z Updated: 2024-08-20T18:35:27.629Z Open on db.gcve.eu Reference links https://vuldb.com/?id.259612 https://vuldb.com/?ctiid.259612 https://vuldb.com/?submit.308208 https://terrific-street-3d0.notion.site/EYOUCMS-v1-6-5-RCE-7fe12e91a9b249e88e6ab36446b5ba22	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11211`	vulnerable	2026-06-08 06:23:49.085493	EyouCMS Website Logo unrestricted upload MEDIUM (4.7) A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-11-14T15:00:09.604Z Updated: 2025-01-06T17:57:36.113Z Open on db.gcve.eu Reference links https://vuldb.com/?id.284526 https://vuldb.com/?ctiid.284526 https://vuldb.com/?submit.437600 https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11210`	vulnerable	2026-06-08 06:23:49.078010	EyouCMS FilemanagerLogic.php editFile path traversal MEDIUM (5.4) A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-11-14T14:31:04.816Z Updated: 2024-11-14T15:07:09.264Z Open on db.gcve.eu Reference links https://vuldb.com/?id.284525 https://vuldb.com/?ctiid.284525 https://vuldb.com/?submit.437451 https://github.com/nn0nkey/nn0nkey/blob/main/eyoucms/mlcy.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2058`	vulnerable	2026-06-08 06:02:41.332594	EyouCms HTTP POST Request cross site scripting LOW (2.4) A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943. Published: 2023-04-14T14:00:05.983Z Updated: 2024-08-02T06:12:19.894Z Open on db.gcve.eu Reference links https://vuldb.com/?id.225943 https://vuldb.com/?ctiid.225943 https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2057`	vulnerable	2026-06-08 06:02:41.330495	EyouCms New Picture cross site scripting LOW (2.4) A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability. Published: 2023-04-14T13:31:04.204Z Updated: 2024-08-02T06:12:20.194Z Open on db.gcve.eu Reference links https://vuldb.com/?id.225942 https://vuldb.com/?ctiid.225942 https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1799`	vulnerable	2026-06-08 05:52:37.058120	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1798`	vulnerable	2026-06-08 05:52:37.056642	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.