CVE-2026-1107 | EyouCMS up to 1.7.1/5.0 Member Avatar Diyajax.php check_userinfo viewfile unrestricted upload

Inserito da Angelo Barbosa | Gen 17, 2026 | CVE

A vulnerability classified as critical was found in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload.

This vulnerability appears as CVE-2026-1107. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1107 | EyouCMS up to 1.7.1/5.0 Member Avatar Diyajax.php check_userinfo viewfile unrestricted upload

Post correlati

CVE-2024-39741 | IBM Datacap Navigator 9.1.5/9.1.6/9.1.7/9.1.8/9.1.9 URL path traversal (XFDB-296010)

CVE-2023-20257 | Cisco Evolved Programmable Network Manager Web-based Management Interface cross site scripting (cisco-sa-pi-epnm-wkZJeyeq)

CVE-2024-12359 | code-projects Admin Dashboard 1.0 /vendor_management.php username cross site scripting

CVE-2024-10785 | britner Gutenberg Blocks with AI Plugin up to 3.3.3 on WordPress cross site scripting