Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
EyouCMS allows remote attackers to upload files without restriction
CVE-2026-6561
Summary
An attacker can upload any file to EyouCMS without restrictions, which could allow them to install malware or disrupt the website's functionality. This is a serious issue because it could lead to unauthorized access or data compromise. Patch your EyouCMS installation to version 1.7.2 or later to fix this issue.
Original title
A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument fil...
Original description
A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
5.8
nvd CVSS3.1
4.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-284
Improper Access Control
CWE-434
Unrestricted File Upload
Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026