CVE-2026-7389
SQL Injection in EyouCMS up to 1.7.9
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eyoucms | eyoucms | to 1.7.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in EyouCMS versions up to 1.7.9, specifically in the function GetSortData within the file application/common.php. It occurs due to improper handling of the argument sort_asc, which allows an attacker to perform SQL injection.
SQL injection is a type of security flaw where an attacker can manipulate a database query by injecting malicious SQL code through input parameters.
The attack can be initiated remotely, meaning an attacker does not need local access to exploit this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a SQL injection in EyouCMS up to version 1.7.9, which can be exploited remotely. Such vulnerabilities can lead to unauthorized access or manipulation of sensitive data.
While the provided information does not explicitly mention compliance impacts, SQL injection vulnerabilities generally pose risks to data confidentiality and integrity, which are critical aspects of standards like GDPR and HIPAA.
Therefore, if exploited, this vulnerability could potentially lead to non-compliance with regulations that require protection of personal or sensitive data.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to unauthorized access to or manipulation of the database used by EyouCMS.
Potential impacts include data leakage, data corruption, or unauthorized modification of data.
Since the vulnerability allows remote exploitation without authentication, it increases the risk of compromise.
Can you explain this vulnerability to me?
This vulnerability exists in EyouCMS versions up to 1.7.9 in the GetSortData() function located in application/common.php. It involves the sort_asc parameter, which is directly concatenated into an SQL ORDER BY clause without proper validation or sanitization.
Because of this, unauthenticated attackers can perform time-based blind SQL injection attacks by sending specially crafted requests to the article list page. This allows them to access the database, including extracting admin credentials stored as bcrypt hashes.
The vulnerability was introduced in version 1.5.4 when sorting functionality was added and remains unpatched. Attackers can bypass weak input filters using techniques like the NOT BETWEEN syntax.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for specially crafted HTTP requests targeting the article list endpoint of EyouCMS, specifically those manipulating the `sort_asc` parameter in the `GetSortData()` function. These requests may contain unusual SQL syntax such as `NOT BETWEEN` or other time-based blind SQL injection payloads.
To detect exploitation attempts, you can use network monitoring tools or web server logs to identify suspicious requests with unusual parameters in the URL or POST data.
Example command using curl to test for the vulnerability by sending a crafted request:
- curl -v 'http://target-site/path/to/article/list?sort_asc=1%20NOT%20BETWEEN%201%20AND%202'
Additionally, you can use tools like sqlmap to automate detection and exploitation testing against the vulnerable parameter:
- sqlmap -u 'http://target-site/path/to/article/list?sort_asc=1' --risk=3 --level=5 --dbs
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Restrict access to the vulnerable endpoint by implementing firewall rules or web application firewall (WAF) rules to block suspicious requests containing SQL injection patterns in the `sort_asc` parameter.
- Disable or restrict the sorting functionality that uses the `sort_asc` parameter until a patch or fix is available.
- Monitor logs closely for any signs of exploitation attempts and respond accordingly.
- If possible, apply input validation and sanitization on the `sort_asc` parameter to prevent SQL injection.
- Consider isolating or taking the affected system offline if exploitation is suspected.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to full database access by unauthenticated attackers.
Attackers can extract sensitive information such as admin credentials, which are stored as bcrypt hashes.
With the obtained credentials, attackers may gain access to the admin panel, potentially resulting in complete system compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for specially crafted HTTP requests targeting the article list endpoint of EyouCMS, specifically those manipulating the `sort_asc` parameter in the `GetSortData()` function.
To detect potential exploitation attempts, you can look for unusual or suspicious requests containing SQL injection payloads in the `sort_asc` parameter, such as usage of SQL syntax like `NOT BETWEEN` or other time-based blind SQL injection patterns.
Example command using curl to test for the vulnerability by sending a crafted request might be:
- curl -v 'http://target-site/path-to-article-list?sort_asc=1%20NOT%20BETWEEN%201%20AND%202'
Additionally, monitoring web server logs or using intrusion detection systems (IDS) to flag requests with suspicious SQL syntax in parameters can help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint and disabling or filtering the `sort_asc` parameter to prevent injection of malicious SQL code.
If possible, apply input validation and sanitization on the `sort_asc` parameter to ensure only expected values are accepted.
Since the vulnerability is in EyouCMS versions up to 1.7.9 and remains unfixed, consider upgrading to a patched version once available or applying custom patches to fix the SQL injection in the `GetSortData()` function.
In the meantime, monitor logs for suspicious activity and consider implementing web application firewall (WAF) rules to block malicious payloads targeting this vulnerability.