CVE-2025-15143

Name of the Vulnerable Software and Affected Versions EyouCMS versions prior to 1.7.7

Description A security flaw exists in EyouCMS up to version 1.7.6. The issue is related to a SQL injection within the Backend Template Management component, specifically in the file /application/admin/logic/FilemanagerLogic.php. Manipulation of the content argument in an unknown function within this file can lead to SQL injection. The attack can be launched remotely, and an exploit has been publicly released. The vendor was contacted regarding this disclosure but did not respond.

Recommendations Update EyouCMS to version 1.7.7 or later. As a temporary workaround, restrict access to the file /application/admin/logic/FilemanagerLogic.php.