CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.

Multiple vulnerabilities were discovered in eyouCMS V1.5.9-UTF8-SP1. These vulnerabilities allow an attacker to gain remote code execution and admin permissions. Furthermore, we discovered multiple cross-site scripting (XSS) vulnerabilities in eyouCMS V1.5.9-UTF8-SP1. An attacker can exploit these flaws to conduct XSS attacks against users. EyouCMS V1.5.9-UTF8-SP1 was also discovered to be vulnerable to clickjacking. An attacker can exploit this flaw to hide malicious content in the website and trick users into clicking on it.

Solution: Upgrade to latest version or install Firewall/IDS/IPS.

CVE#\ Description ------------- Remote Code Execution ------------------------- 1 Open Redirect Remote Code Execution 2 Open Redirect Remote Code Execution 3 Open Redirect Remote Code Execution 4 Open Redirect Remote Code Execution 5 Open Redirect Remote Code Execution 6 Open Redirect Remote Code Execution 7 Open Redirect Remote Code Execution 8 Open Redirect Remote Code Execution 9 Open Redirect Remote Code Execution 10 Open Redirect Remote Code Execution 11 Open Redirect Remote Code Execution 12 Open Redirect Remote Code Execution 13 Open Redirect Remote Code Execution 14 Open Redirect Remote Code Execution 15 Open Redirect Remote Code Execution 16 Open Redirect Remote Code Execution 17 Open Redirect Remote Code Execution 18 Open Redirect Remote Code Execution 19 Open Redirect Remote Code Execution 20 Open Redirect Remote Code

1

. Open Redirect Remote Code Execution
An attacker can exploit this vulnerability to execute remote code on the vulnerable device.

Multiple Cross-site Scripting (XSS) vulnerabilities multiple cross-site scripting (XSS) vulnerabilities were discovered in eyouCMS V1.5.9-UTF8-SP1. An attacker can exploit these flaws to conduct XSS attacks against users. EyouCMS V1.5.9-UTF8-SP1 was also discovered to be vulnerable to clickjacking. An attacker can exploit this flaw to hide malicious content in the website and trick users into clicking on it.


Solution: Upgrade to latest version or install Firewall/IDS/IPS

Multiple Cross-Site Scripting (XSS)

1 Open Redirect XSS
2 Open Redirect XSS
3 Open Redirect XSS
4 Open Redirect XSS 5 Open Redirect XSS 6 Open Redirect XSS 7 Open Redirect XSS 8 Open Redirect XSS 9 Open Redirect XSS 10 Open Redirect XSS 11 Open Redirect XSS 12 Open Redirect XSS 13 Open Redrupt Remote Code Execution 14 Open Redirection Remote Code Execution 15 Open Re-direction Remote Code Execution 16 Cross-Site Scripting (XSI) 17 Cross-Site Scripting (XSI) 18 Cross-Site Scripting (XSI) 19 Cross-Site Scripting (XSI) 20 Cross-Site Scripting (XSI)

Firewall and IDS/IPS:

The best way to protect your business is by installing a firewall into your computer. This will prevent malicious servers from entering your network, preventing any sort of unwanted access. Additionally, an IPS/IDS helps to detect any kind of malicious activity on the network and can be used along with a firewall.

Timeline

Published on: 11/14/2022 20:15:00 UTC
Last modified on: 11/16/2022 23:10:00 UTC

References