{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/eyoucms--1.7.9/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7389"}],"_cs_exploited":false,"_cs_products":["EyouCMS (\u003c= 1.7.9)"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2026-7389","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA security vulnerability, CVE-2026-7389, has been identified in EyouCMS, specifically affecting versions up to 1.7.9. This vulnerability stems from insufficient sanitization of user-supplied input passed to the \u003ccode\u003esort_asc\u003c/code\u003e argument of the \u003ccode\u003eGetSortData\u003c/code\u003e function located in the \u003ccode\u003eapplication/common.php\u003c/code\u003e file. An unauthenticated, remote attacker can exploit this vulnerability to inject malicious SQL queries into the application. Publicly available exploits increase the risk of widespread exploitation. The project maintainers were notified but have not yet addressed the issue, making timely detection and mitigation critical for defenders.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an EyouCMS instance running a vulnerable version (\u0026lt;= 1.7.9).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003eGetSortData\u003c/code\u003e function within \u003ccode\u003eapplication/common.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a manipulated \u003ccode\u003esort_asc\u003c/code\u003e argument containing a SQL injection payload.\u003c/li\u003e\n\u003cli\u003eThe application processes the request without proper sanitization of the \u003ccode\u003esort_asc\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe unsanitized input is incorporated into a SQL query executed by the application.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code modifies the query logic, allowing the attacker to potentially bypass authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker can read sensitive data from the database, such as user credentials or configuration information.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate privileges or gain complete control of the database server, leading to data exfiltration or service disruption.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-7389) could allow an attacker to read, modify, or delete sensitive data stored in the EyouCMS database. This could include user credentials, financial information, or other confidential data. Since an exploit is publicly available, organizations using vulnerable versions of EyouCMS are at increased risk of compromise, potentially leading to data breaches, financial loss, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect EyouCMS SQL Injection via sort_asc Parameter\u003c/code\u003e to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for suspicious requests targeting \u003ccode\u003eapplication/common.php\u003c/code\u003e with unusual parameters in the \u003ccode\u003esort_asc\u003c/code\u003e argument based on the Sigma rule.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003esort_asc\u003c/code\u003e parameter in the \u003ccode\u003eGetSortData\u003c/code\u003e function to prevent SQL injection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T16:16:29Z","date_published":"2026-04-29T16:16:29Z","id":"/briefs/2026-04-eyoucms-sql-injection/","summary":"A remote SQL injection vulnerability (CVE-2026-7389) exists in EyouCMS versions up to 1.7.9 due to improper handling of the 'sort_asc' argument in the GetSortData function, potentially allowing attackers to execute arbitrary SQL commands.","title":"EyouCMS SQL Injection Vulnerability (CVE-2026-7389)","url":"https://feed.craftedsignal.io/briefs/2026-04-eyoucms-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — EyouCMS (\u003c= 1.7.9)","version":"https://jsonfeed.org/version/1.1"}