Directory Traversal Vulnerability in Eyoucms by Eyou Technology
CVE-2021-39500
7.5HIGH
What is CVE-2021-39500?
Eyoucms version 1.5.4 contains a directory traversal vulnerability that arises from insufficient input data sanitization in certain parameters. Attackers can exploit this weakness by injecting sequences like '../' into the input fields (tpldir, filename, type, nid), allowing them to traverse the directory structure and write files to writable directories, potentially compromising sensitive information or altering system files.