easyii CMS File Upload Management Upload.php file unrestricted upload
Description
Critical unrestricted file upload vulnerability in easyii CMS's File Upload Management allows remote attackers to upload arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The vulnerability affects the file upload functionality in easyii CMS, specifically in the file function of helpers/Upload.php. The component fails to properly validate file types, leading to an unrestricted upload condition [1].
An attacker can exploit this flaw remotely by sending a crafted HTTP request to the file upload endpoint, without requiring authentication. The only prerequisite is network access to the vulnerable CMS instance.
Successful exploitation allows the attacker to upload arbitrary files, including executable scripts (e.g., PHP shells). This could lead to remote code execution, full site compromise, or data exfiltration.
As of the publication date, no official patch has been released. Administrators should restrict upload capabilities and review file permissions to mitigate the risk.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| noumo/easyii (Packagist) | <= 0.9 | — |
Affected products
- easyii/CMS, v5, Range: n/a
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-vqvm-qrwh-69h7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-3771 (ghsa, ADVISORY)
- vuldb.com (ghsa, WEB)