First published: Tue May 23 2023
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eyoucms Eyoucms | =1.6.2 | |
CVE-2023-31708 is a Cross-Site Request Forgery (CSRF) vulnerability in EyouCMS v1.6.2.
CVE-2023-31708 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function in EyouCMS v1.6.2.
The severity of CVE-2023-31708 is medium with a CVSS score of 4.3.
To fix CVE-2023-31708, it is recommended to update EyouCMS to a version that has addressed this vulnerability or apply the necessary patches provided by the vendor.
More information about CVE-2023-31708 can be found at the following reference: [link](https://github.com/weng-xianhu/eyoucms/issues/41).