PT-2024-13035 · Eyoucms · Eyoucms
Nacl
·
Published
2024-03-14
·
Updated
2024-11-12
·
CVE-2023-42286
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
eyoucms version 1.6.4
Description
The issue is related to a PHP file inclusion vulnerability in the template configuration, allowing attackers to execute code or system commands through a carefully crafted malicious payload.
Recommendations
For eyoucms version 1.6.4, update to a version that fixes this issue, as the current version allows attackers to execute malicious code through the template configuration.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eyoucms