Unrated severityNVD Advisory· Published May 11, 2025· Updated May 12, 2025
CTCMS Content Management System File Tpl.php del path traversal
CVE-2025-4545
Description
A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 2.1.2
- CTCMS/Content Management Systemv5Range: 2.1.2
Patches
Vulnerability mechanics
References
4- github.com/xiaoyangsec/ctcms/blob/main/CTCMS_Arbitrary_File_Deletion_Vulnerability_Authenticated.mdmitreexploit
- vuldb.commitrethird-party-advisory
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.