VYPR

Cmseasy

by Cmseasy

CVEs (23)

  • CVE-2018-11679 High Jun 2, 2018
    risk 0.57, cvss 8.8, epss 0.01

    An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.

  • CVE-2018-11680 Medium Jun 2, 2018
    risk 0.42, cvss 6.5, epss 0.00

    An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.

  • CVE-2025-15148 Medium Dec 28, 2025
    risk 0.31, cvss 4.7, epss 0.00

    A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack…

  • CVE-2025-11332 Low Oct 6, 2025
    risk 0.23, cvss 3.5, epss 0.00

    A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The…

  • CVE-2025-55910 Sep 19, 2025
    risk 0.00, cvss -, epss 0.00

    CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.

  • CVE-2025-1336 Feb 16, 2025
    risk 0.00, cvss -, epss 0.01

    A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched…

  • CVE-2025-1335 Feb 16, 2025
    risk 0.00, cvss -, epss 0.01

    A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely.…

  • CVE-2025-1106 Feb 7, 2025
    risk 0.00, cvss -, epss 0.01

    A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-0973 Feb 3, 2025
    risk 0.00, cvss -, epss 0.01

    A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument…

  • CVE-2024-34314 May 7, 2024
    risk 0.00, cvss -, epss 0.00

    CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.

  • CVE-2024-34315 May 7, 2024
    risk 0.00, cvss -, epss 0.01

    CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.

  • CVE-2024-31551 Apr 26, 2024
    risk 0.00, cvss -, epss 0.01

    Directory traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via a crafted GET request.

  • CVE-2024-32236 Apr 25, 2024
    risk 0.00, cvss -, epss 0.00

    An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component.

  • CVE-2024-32163 Apr 17, 2024
    risk 0.00, cvss -, epss 0.00

    CMSeasy 7.7.7.9 is vulnerable to code execution.

  • CVE-2024-32162 Apr 17, 2024
    risk 0.00, cvss -, epss 0.00

    CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.

  • CVE-2024-25828 Feb 22, 2024
    risk 0.00, cvss -, epss 0.01

    cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.

  • CVE-2024-0523 Jan 14, 2024
    risk 0.00, cvss -, epss 0.01

    A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be…

  • CVE-2020-18406 Jun 27, 2023
    risk 0.00, cvss -, epss 0.00

    An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.

  • CVE-2023-34880 Jun 15, 2023
    risk 0.00, cvss -, epss 0.01

    cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.

  • CVE-2021-42644 May 17, 2022
    risk 0.00, cvss -, epss 0.01

    cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.

Page 1 of 2