CVE-2026-6561 | EyouCMS up to 1.7.1 Index.php edit_adminlogo filename unrestricted upload

Inserito da Angelo Barbosa | Apr 18, 2026 | CVE

A vulnerability was found in EyouCMS up to 1.7.1. It has been rated as critical. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload.

This vulnerability is reported as CVE-2026-6561. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6561 | EyouCMS up to 1.7.1 Index.php edit_adminlogo filename unrestricted upload

Post correlati

CVE-2025-10249 | Slider Revolution Plugin up to 6.7.37 on WordPress authorization

CVE-2025-47667 | qusupport LiveAgent Plugin up to 4.4.7 on WordPress cross-site request forgery

CVE-2024-1908 | GitHub Enterprise Server up to 3.8.15/3.9.10/3.10.7/3.11.5 Connect Download Token privileges management

CVE-2024-0961 | SiteOrigin Widgets Bundle Plugin up to 1.58.1 on WordPress cross site scripting