PT-2024-16829 · Eyoucms · Eyoucms

Falling-Snow · Published 2024-11-14 · Updated 2024-11-19 · CVE-2024-11211

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EyouCMS versions up to 1.6.7

Description

A critical vulnerability has been found in the Website Logo Handler component of EyouCMS, allowing for unrestricted upload. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond. The exploit has been disclosed to the public.

Recommendations

For versions up to 1.6.7, update to a version that is not affected by this issue. The exact fixed version is not specified; at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-11211

Affected Products

Eyoucms