2026-04-29 15:15 | CVE-2026-7388 | VulDB
PUBLISHED | 5.2 | Application | CWE-94 | CWE-74

EyouCMS Template File FilemanagerLogic.php editFile code injection

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Manipulation of this function can lead to code injection (CWE-94). The attack can be launched remotely; the record's CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N) indicates that it requires high privileges and no user interaction. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet, and the record lists no fixed version.

Problem type

Affected products

EyouCMS

1.7.0 - AFFECTED

1.7.1 - AFFECTED

1.7.2 - AFFECTED

1.7.3 - AFFECTED

1.7.4 - AFFECTED

1.7.5 - AFFECTED

1.7.6 - AFFECTED

1.7.7 - AFFECTED

1.7.8 - AFFECTED

1.7.9 - AFFECTED

References

GitHub Security Advisories

GHSA-rxpr-h49f-75vj

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the...

https://github.com/advisories/GHSA-rxpr-h49f-75vj

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7388
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7388",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-29T15:15:16.230Z",
    "dateReserved": "2026-04-29T09:34:57.835Z",
    "datePublished": "2026-04-29T15:15:16.230Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-29T15:15:16.230Z"
      },
      "title": "EyouCMS Template File FilemanagerLogic.php editFile code injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "affected": [
        {
          "vendor": "n/a",
          "product": "EyouCMS",
          "cpes": [
            "cpe:2.3:a:eyoucms:eyoucms:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Template File Handler"
          ],
          "versions": [
            {
              "version": "1.7.0",
              "status": "affected"
            },
            {
              "version": "1.7.1",
              "status": "affected"
            },
            {
              "version": "1.7.2",
              "status": "affected"
            },
            {
              "version": "1.7.3",
              "status": "affected"
            },
            {
              "version": "1.7.4",
              "status": "affected"
            },
            {
              "version": "1.7.5",
              "status": "affected"
            },
            {
              "version": "1.7.6",
              "status": "affected"
            },
            {
              "version": "1.7.7",
              "status": "affected"
            },
            {
              "version": "1.7.8",
              "status": "affected"
            },
            {
              "version": "1.7.9",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/360113",
          "name": "VDB-360113 | EyouCMS Template File FilemanagerLogic.php editFile code injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/360113/cti",
          "name": "VDB-360113 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/803102",
          "name": "Submit #803102 | eyoucms EyouCMS <=1.7.9 Code Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://gitee.com/weng_xianhu/eyoucms/issues/IILDJS",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 5.8
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-29T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-29T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-29T11:40:12.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "anch0r (VulDB User)",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "VulDB CNA Team",
          "type": "coordinator"
        }
      ]
    }
  }
}