Arbitrary File Deletion Vulnerability in eyouCMS by eyou
CVE-2021-46255

8.1HIGH

Key Information:

Vendor
Eyoucms
Status
Eyoucms
Vendor
CVE Published:
14 January 2022

Summary

eyouCMS version 1.5.5-UTF8-SP3_1 is vulnerable to arbitrary file deletion due to inadequate parameter filtering for the filename. This weakness enables attackers to potentially delete arbitrary files on the server, leading to service disruption and unauthorized access to sensitive data. Proper input validation and sanitization measures are essential to mitigate this vulnerability.

References

https://github.com/eyoucms/eyoucms/issues/21
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-46255 : Arbitrary File Deletion Vulnerability in eyouCMS by eyou | SecurityVulnerability.io