CVE-2026-6561

MEDIUM CVSS 4.7 View on NVD ↗

Description

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/zzk6th/my-cve-notes/blob/main/EyouCMS%20Arbitrary%20File%20Copy%20Vulnerability%20in%20edit_adminlogo()%20Leading%20to%20Sensitive%20Information%20Disclosure.md
https://vuldb.com/submit/788038
https://vuldb.com/vuln/358198
https://vuldb.com/vuln/358198/cti

Published: Apr 19, 2026 08:16 UTC Modified: Apr 19, 2026 08:16 UTC