Unrestricted File Upload Vulnerability in EyouCMS Member Avatar Handler
CVE-2026-1107

5.3MEDIUM

Key Information:

Vendor

Hainan Zanzan Network Technology Co.

Status
Eyoucms
Vendor
CVE Published:
18 January 2026

What is CVE-2026-1107?

A vulnerability exists in EyouCMS affecting the Member Avatar Handler function check_userinfo, where improper validation of the viewfile argument can lead to unrestricted file uploads. This weakness can be exploited remotely, allowing attackers to upload malicious files, potentially leading to significant security breaches. Despite early notification, the vendor has not addressed this issue, leaving systems exposed to possible exploitation. Users of EyouCMS versions up to 1.7.1 and 5.0 are strongly urged to assess their security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EyouCMS 1.7.0

EyouCMS 1.7.1

EyouCMS 5.0

References

https://vuldb.com/?id.341699
vdb-entrytechnical-description
https://vuldb.com/?ctiid.341699
signaturepermissions-required
https://vuldb.com/?submit.731540
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

nobb (VulDB User)
JSON
.