4 matches found
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
Design/Logic Flaw
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
CVE-2021-42194
The wechatreturn function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml load String function, which itself does not prohibit external entities, triggering a XML external entity XXE injection vulnerability...