CNNVD-202512-4874 Information

CNNVD ID

CNNVD-202512-4874

Related CVE

CVE-2025-15143

• CNNVD Published: 2025-12-28

Description (Chinese)

EyouCMS是中国易优（Eyou）公司的一套基于ThinkPHP的开源内容管理系统（CMS）。 EyouCMS 1.7.6及之前版本存在SQL注入漏洞，该漏洞源于文件/application/admin/logic/FilemanagerLogic.php中参数content的错误操作，可能导致SQL注入。

Description (English)

EyouCMS is an open-source content management system (CMS) based on ThinkPHP for Eyou. EyouCMS 1.7.6 and previous versions have an injection loophole in SQL, which stems from the error of the parameter content in document/application/admin/logic/FilemanagerLogic.php, which may lead to SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

易优

Published

2025-12-28

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/XfINjg5i25Ud https://vuldb.com/?id.338521 https://vuldb.com/?ctiid.338521 https://vuldb.com/?submit.716078 https://access.redhat.com/security/cve/cve-2025-15143

Patch

https://www.eyoucms.com/help/eyoujq/31387.html