PT-2024-25782 · Eyoucms · Eyoucms

V2Ish1Yan · Published 2024-04-07 · Updated 2025-06-05 · CVE-2024-3431

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
EyouCMS version 1.6.5

Description
A critical issue affects the Backend component of EyouCMS, specifically the file /login.php?m=admin&c=Field&a=channel_edit. The manipulation of the channel_id argument leads to deserialization. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations
For EyouCMS version 1.6.5, as a temporary workaround, consider restricting access to the /login.php?m=admin&c=Field&a=channel_edit endpoint until a patch is available. Avoid manipulating the channel_id argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2024-3431

Affected Products: Eyoucms