9 matches found
CVE-2026-1107
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
CVE-2026-1107
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
CVE-2026-1107
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
CVE-2026-1107 EyouCMS Member Avatar Diyajax.php check_userinfo unrestricted upload
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
CVE-2026-1107
CVE-2026-1107 affects EyouCMS up to version 1.7.1/5.0. The vulnerability lies in the Member Avatar Handler component, specifically the Diyajax.php file’s check_userinfo function. Manipulating the viewfile argument can result in unrestricted upload (arbitrary file upload). The attack can be perfor...
CVE-2026-1107 EyouCMS Member Avatar Diyajax.php check_userinfo unrestricted upload
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
PT-2026-3375
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploi...
EyouCMS code-related vulnerabilities
EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. Versions of EyouCMS 1.7.1/5.0 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the viewfile parameter in the checkuserinfo function of the...
ChestnutCMS 安全漏洞
ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A security vulnerability exists in ChestnutCMS 1.5.0 and earlier versions, which originates from the /api/member/avatar interface in the file upload function does not...