Cmseasy
by Cmseasy
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11679 | | High | 0.57 | 8.8 | 0.01 | | Jun 2, 2018 | An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. |
| CVE-2018-11680 | | Med | 0.42 | 6.5 | 0.00 | | Jun 2, 2018 | An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate. |
| CVE-2025-15148 | | Med | 0.31 | 4.7 | 0.00 | | Dec 28, 2025 | A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack… |
| CVE-2025-11332 | | Low | 0.23 | 3.5 | 0.00 | | Oct 6, 2025 | A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The… |
| CVE-2025-55910 | | | 0.00 | — | 0.00 | | Sep 19, 2025 | CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php. |
| CVE-2025-1336 | | | 0.00 | — | 0.01 | | Feb 16, 2025 | A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched… |
| CVE-2025-1335 | | | 0.00 | — | 0.01 | | Feb 16, 2025 | A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely.… |
| CVE-2025-1106 | | | 0.00 | — | 0.01 | | Feb 7, 2025 | A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit… |
| CVE-2025-0973 | | | 0.00 | — | 0.01 | | Feb 3, 2025 | A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument… |
| CVE-2024-34314 | | | 0.00 | — | 0.00 | | May 7, 2024 | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. |
| CVE-2024-34315 | | | 0.00 | — | 0.01 | | May 7, 2024 | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. |
| CVE-2024-31551 | | | 0.00 | — | 0.01 | | Apr 26, 2024 | Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. |
| CVE-2024-32236 | | | 0.00 | — | 0.00 | | Apr 25, 2024 | An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. |
| CVE-2024-32163 | | | 0.00 | — | 0.00 | | Apr 17, 2024 | CMSeasy 7.7.7.9 is vulnerable to code execution. |
| CVE-2024-32162 | | | 0.00 | — | 0.00 | | Apr 17, 2024 | CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. |
| CVE-2024-25828 | | | 0.00 | — | 0.01 | | Feb 22, 2024 | cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. |
| CVE-2024-0523 | | | 0.00 | — | 0.01 | | Jan 14, 2024 | A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be… |
| CVE-2020-18406 | | | 0.00 | — | 0.00 | | Jun 27, 2023 | An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. |
| CVE-2023-34880 | | | 0.00 | — | 0.01 | | Jun 15, 2023 | cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion. |
| CVE-2021-42644 | | | 0.00 | — | 0.01 | | May 17, 2022 | cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. |
Page 1 of 2