Easycms
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16345 | Hig | 0.57 | 8.8 | 0.01 | Sep 2, 2018 | An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | ||
| CVE-2026-1105 | Hig | 0.47 | 7.3 | 0.00 | Jan 18, 2026 | A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be… | ||
| CVE-2018-12971 | Med | 0.42 | 6.5 | 0.00 | Jun 29, 2018 | EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | ||
| CVE-2026-3786 | Med | 0.41 | 6.3 | 0.00 | Mar 8, 2026 | A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. The attack can be launched… | ||
| CVE-2026-3785 | Med | 0.41 | 6.3 | 0.00 | Mar 8, 2026 | A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to sql injection. The attack can be initiated… | ||
| CVE-2022-23358 | 0.00 | — | 0.01 | Feb 16, 2022 | EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | |||
| CVE-2020-24271 | 0.00 | — | 0.01 | Feb 1, 2021 | A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | |||
| CVE-2019-6294 | 0.00 | — | 0.01 | Jan 15, 2019 | An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI. |
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be…
- risk 0.42cvss 6.5epss 0.00
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. The attack can be launched…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to sql injection. The attack can be initiated…
- CVE-2022-23358Feb 16, 2022risk 0.00cvss —epss 0.01
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
- CVE-2020-24271Feb 1, 2021risk 0.00cvss —epss 0.01
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.
- CVE-2019-6294Jan 15, 2019risk 0.00cvss —epss 0.01
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.