316 matches found
CVE-2025-55910
CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in databaseadmin.php...
CVE-2025-55910
CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in databaseadmin.php...
CVE-2024-31551
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request...
CVE-2024-32236
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component...
CVE-2024-32162
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion...
CVE-2024-34314
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the filegetcontents function in the fetchaction method of /admin/templateadmin.php. This vulnerability allows attackers to read arbitrary files...
CVE-2024-25828
cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/templateadmin.php...
CVE-2024-32163
CMSeasy 7.7.7.9 is vulnerable to code execution...
CVE-2024-34315
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the filegetcontents function in the fckeditaction method of /admin/templateadmin.php. This vulnerability allows attackers to read arbitrary files...
CVE-2024-0523
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslidechildaction in the library lib/admin/languageadmin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The...
CVE-2023-34880
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the addaction method at lib/admin/languageadmin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion...
CVE-2020-18406
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data...
CVE-2018-11679
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability that can add an article via /index.php?case=table=add=archivedir=admin...
CVE-2019-8432
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter...
CVE-2019-8434
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter...
CVE-2018-11680
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate...
CVE-2025-1336
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimgaction in the library lib/admin/imageadmin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...
CVE-2025-1336
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimgaction in the library lib/admin/imageadmin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...
CVE-2025-1336 CmsEasy image_admin.php deleteimg_action path traversal
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimgaction in the library lib/admin/imageadmin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...
CVE-2025-1336 CmsEasy image_admin.php deleteimg_action path traversal
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimgaction in the library lib/admin/imageadmin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...