Cross-Site Request Forgery Vulnerabilities in EyouCMS by Eyou
CVE-2022-41500

8.8HIGH

Key Information:

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-41500?

EyouCMS version 1.5.9 is susceptible to multiple Cross-Site Request Forgery (CSRF) vulnerabilities, which can be exploited through its Members Center, Editorial Membership, and Points Recharge components. These vulnerabilities could allow unauthorized actions to be performed on behalf of authenticated users, compromising the integrity and security of user accounts. Proper validation and anti-CSRF measures are essential to mitigate these risks.

References

https://github.com/weng-xianhu/eyoucms/issues/27#issue-14...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 26, 2022

Eyoucms

What is CVE-2022-41500?

References

CVSS V3.1

Timeline