VYPR

EasyImages

by EasyImages

CVEs (7)

  • CVE-2022-48161HigFeb 1, 2023
    risk 0.49cvss 7.5epss 0.01

    Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.

  • CVE-2023-33599MedMay 23, 2023
    risk 0.40cvss 6.1epss 0.00

    EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.

  • CVE-2025-65474Dec 11, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format.

  • CVE-2025-65472Dec 11, 2025
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.

  • CVE-2025-65471Dec 11, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2025-65473Dec 11, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.

  • CVE-2025-13415Nov 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.