22 matches found
CVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
EUVD-2025-205521
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
CVE-2025-15148
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...
CVE-2025-15148
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...
CVE-2025-15148 CmsEasy Backend Template Management template_admin.php savetemp_action code injection
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...
EUVD-2025-205522
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...
CVE-2025-15148
CmsEasy up to 7.7.7 is affected by a code-injection flaw in the savetemp_action function of /lib/admin/template_admin.php in the Backend Template Management Page. Manipulating the content/tempdata argument can enable remote code execution, and an exploit has been published. The vendor has not res...
CVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
CVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
CVE-2025-15143 EyouCMS Backend Template Management FilemanagerLogic.php sql injection
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
CVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
CVE-2025-15143 EyouCMS Backend Template Management FilemanagerLogic.php sql injection
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to laun...
CVE-2025-15143
CVE-2025-15143 affects EyouCMS up to 1.7.6. The vulnerability is in /application/admin/logic/FilemanagerLogic.php (Backend Template Management) where the manipulation of the content parameter enables SQL injection. Exploitation can be remote, and an exploit has been publicly released. The vendor ...
PT-2025-32178 · Qcms · Qcms
Name of the Vulnerable Software and Affected Versions: QCMS version 6.0.5 Description: A vulnerability allows authenticated users to read arbitrary files from the server due to insufficient validation of the Name parameter in the backend template editor. Attackers can manipulate this parameter to...
CVE-2025-50233
QCMS 6.0.5 contains a vulnerability in the backend template editor where insufficient validation of the Name parameter enables authenticated users to perform directory traversal and read arbitrary server files outside the intended template directory (e.g., system configuration or PHP source). Imp...
CVE-2020-10578
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...
WMCMS system backend template list exists arbitrary file deletion vulnerability
WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS system background template list exists arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files, resulting in system reinstallation...
BageCms v3.1.0 Code Execution Vulnerability at Backend Template Function
Bage Content Management System BageCms is a web content management system based on php+mysql. BageCms v3.1.0 code execution vulnerability exists at the background template function, allowing attackers to remotely execute commands and gain server privileges...
Command Execution Vulnerability at OFCMS Backend Template Customization
OFCMS is a content management system developed based on java technology. A command execution vulnerability exists in the OFCMS backend template customization, which can be exploited by an attacker to execute arbitrary commands...
Code execution vulnerability in Elefant CMS 2.0.8 backend
Elefant CMS is a PHP-based content management system CMS. The system includes features such as an events calendar, contact form, social media integration and member login. A code execution vulnerability exists in Elefant CMS 2.0.8 at the backend template, which is caused due to a failure of stric...