CVE-2026-13569
MediumCVSS 4.7Summary
A SQL injection vulnerability has been detected in EyouCMS up to version 1.7.1 in the /index.php file of the API component. An attacker can remotely manipulate the click_like argument, leading to SQL injection. The exploit has been publicly disclosed and may be used.
Risk Assessment
The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to data leakage, modification, or deletion, as well as potential system takeover.
Recommendation
Immediately update EyouCMS to the latest available version or apply temporary mitigations such as input validation and sanitization for the click_like argument in the API.
Original NVD description (English source)
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument click_like leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

