VDB-339081 · CVE-2025-15373 · GCVE-100-339081

EyouCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.7.7 application/function.php saveRemote ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu EyouCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.7.7 keessatti argameera. Kan miidhamte is hojii saveRemote faayilii application/function.php keessa. Hojii jijjiirraa gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-918 geessa. Dadhabbii kana yeroo 12/30/2025 maxxanfameera. Odeeffannoon kun buufachuuf note-hxlab.wetolink.com irratti qoodameera. Dogoggorri kun akka CVE-2025-15373tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana note-hxlab.wetolink.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 96 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/30/2025 07:51 PM	ଅଦ୍ୟତନ 1/2 12/31/2025 07:14 PM	ଅଦ୍ୟତନ 2/2 01/01/2026 07:40 AM
software_name	EyouCMS	EyouCMS	EyouCMS
software_version	<=1.7.7	<=1.7.7	<=1.7.7
software_file	application/function.php	application/function.php	application/function.php
software_function	saveRemote	saveRemote	saveRemote
vulnerability_cwe	CWE-918 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-918 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-918 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	C	C	C
advisory_url	https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK	https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK	https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span-	https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span-	https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span-
source_cve	CVE-2025-15373	CVE-2025-15373	CVE-2025-15373
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".	The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".	The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.9	5.9	5.9
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	5.6
cvss3_meta_tempscore	6.0	6.1	5.5
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1767049200 (12/30/2025)	1767049200 (12/30/2025)	1767049200 (12/30/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".	A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_nvd_basescore			4.3

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!