Description

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Related CPE's

a

eyoucms

eyoucms

Vulnerable

References

https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh

ExploitThird Party Advisory

https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh#-span--strong-proof-of-concept---strong---span-

ExploitThird Party Advisory

https://vuldb.com/?ctiid.339083

Permissions RequiredVDB Entry

https://vuldb.com/?id.339083

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.718481

Third Party AdvisoryVDB Entry

https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh

ExploitThird Party Advisory

https://note-hxlab.wetolink.com/share/2wLgcbKe9Toh#-span--strong-proof-of-concept---strong---span-

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-20CWE-502

[email protected]

Primary
CWE-502

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2025-12-31T04:16:05.703Z

2 weeks ago

Last modified

2026-01-02T14:15:59.007Z

1 week ago