EasyImages
by EasyImages
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48161 | | Hig | 0.49 | 7.5 | 0.01 | | Feb 1, 2023 | Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. |
| CVE-2023-33599 | | Med | 0.40 | 6.1 | 0.00 | | May 23, 2023 | EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. |
| CVE-2025-65474 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format. |
| CVE-2025-65472 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page. |
| CVE-2025-65471 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2025-65473 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name. |
| CVE-2025-13415 | | | 0.00 | — | 0.00 | | Nov 19, 2025 | A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. |