EyouCMS Unrestricted File Upload Vulnerability in Member Avatar Component

Vulnerability

A vulnerability allowing unrestricted file upload has been identified in EyouCMS versions through 1.7.1 and 5.0. The issue arises in the Member Avatar Handler, specifically within the check_userinfo function of Diyajax.php. The vulnerability can be exploited remotely by manipulating the viewfile parameter, leading to unauthorized file uploads that could be processed within the application's environment.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads, which could be used to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, first upload an image through the avatar feature as a regular user. Then, send a POST request to the check_userinfo API with the viewfile parameter set to a crafted file path that includes a payload. The server will execute the payload, demonstrating the vulnerability.
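As an added illustration (not EyouCMS's own code, and not the Diyajax.php check_userinfo implementation, whose internals this page does not describe), the following shows the kind of server-side validation a handler should apply to a user-supplied avatar path such as the viewfile parameter before it is used. The upload directory, allow-lists and the request handling at the end are assumptions for the example.

```php
<?php
// Added example: defensive validation of a user-supplied avatar file reference.
// Illustrative code only; the directory and allow-lists below are assumed values.

const AVATAR_UPLOAD_DIR = '/var/www/html/uploads/avatars'; // assumed location
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Return the canonical path of a stored avatar, or null if $viewfile must be rejected.
 * Rejects directory components (path traversal), double extensions such as
 * "x.php.jpg", extensions outside the allow-list, paths that resolve outside the
 * upload directory, and files whose content is not actually an image.
 */
function resolve_avatar_path(string $viewfile): ?string
{
    // Only a bare file name is acceptable; any directory component is refused.
    if ($viewfile === '' || basename($viewfile) !== $viewfile) {
        return null;
    }
    // Exactly one extension, so "shell.php.jpg" cannot slip through.
    if (substr_count($viewfile, '.') !== 1) {
        return null;
    }
    $ext = strtolower(pathinfo($viewfile, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // realpath() resolves symlinks and "..", making the prefix check reliable.
    $base = realpath(AVATAR_UPLOAD_DIR);
    $path = realpath(AVATAR_UPLOAD_DIR . DIRECTORY_SEPARATOR . $viewfile);
    if ($base === false || $path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // Check the stored bytes, not just the name: the file must really be an image.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if (!in_array($finfo->file($path), ALLOWED_MIME, true)) {
        return null;
    }
    return $path;
}

// Assumed handler usage: the raw parameter is never passed to include, require
// or any command execution; only the validated canonical path is used.
$path = resolve_avatar_path($_POST['viewfile'] ?? '');
if ($path === null) {
    http_response_code(400);
    exit('invalid avatar');
}
```

Detection-wise, requests to the check_userinfo endpoint whose viewfile value contains a directory separator, "..", or a non-image extension are worth alerting on, since a correct client only ever sends the bare name of an image it previously uploaded.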

Added: Jan 18, 2026, 1:19 AM
Updated: Jan 18, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

  spread          1.0
  impact         10.0
  exploitability  6.8
  remediation     0.0
  relevance       2.2
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.