CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

EasyCMS SQL Injection Vulnerability

EasyCMS is a PHP-based website building system from the EasyCMS community. Versions of EasyCMS 1.6 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the order parameter in the File/UserAction.class.php file, which may lead to SQL injection attacks...

CVE-2026-1105 EasyCMS UserAction.class.php sql injection

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVE-2026-1105 EasyCMS UserAction.class.php sql injection

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

PT-2026-3373

Name of the Vulnerable Software and Affected Versions EasyCMS versions up to 1.6 Description A flaw exists in EasyCMS that allows for remote code execution. The issue stems from the manipulation of the order argument within the /UserAction.class.php file, leading to a SQL injection. The exploit i...