Ctcms Project / Ctcms

5 matches found

CVE
added 2024/02/27 5:0 p.m., 98 views

CVE-2024-1925

CVE-2024-1925 affects Ctcms 2.1.2 in the Upsys.php admin controller, enabling unrestricted file upload. The vulnerability is exploitable remotely with high attack complexity; exploitation is reported publicly. No patch/version fix details are provided in the connected documents. Some sources reco...

CVSS 8.1, AI score 5.7, EPSS 0.00597
CVE
added 2025/05/11 7:31 p.m., 64 views

CVE-2025-4545

CTCMS Content Management System 2.1.2 contains a path traversal vulnerability in the File Handler’s del function (ctcms/apps/controllers/admin/Tpl.php) triggered by manipulating the File argument. Exploitation is remote and publicly disclosed; multiple sources describe the impact on path traversa...

CVSS 8.1, AI score 5.6, EPSS 0.00627
CVE
added 2025/12/15 11:32 p.m., 10 views

CVE-2025-14731

CVE-2025-14731 affects CTCMS Content Management System up to version 2.1.2. The issue resides in the Frontend/Template Management Module, specifically the library file /ctcms/apps/libraries/CT_Parser.php, where improper neutralization of special elements used in the template engine is reported. T...

CVSS 7.2, AI score 6.3, EPSS 0.00378
CVE
added 2025/12/15 11:2 p.m., 6 views

CVE-2025-14729

CVE-2025-14729 affects CTCMS Content Management System up to version 2.1.2. The vulnerability resides in the Save function of /ctcms/libs/Ct_App.php, in the Backend App Configuration Module, where manipulating the CT_App_Paytype argument enables code injection. Remote exploitation is possible and...

CVSS 7.2, AI score 6.7, EPSS 0.00386
Web
CVE
added 2025/12/15 11:2 p.m., 6 views

CVE-2025-14730

CVE-2025-14730 affects CTCMS Content Management System up to version 2.1.2, focusing on an unknown function in /ctcms/libs/Ct_Config.php. Manipulation of the Cj_Add/Cj_Edit argument leads to code injection, enabling remote execution. The issue is associated with the Backend System Configuration M...

CVSS 7.2, AI score 6.7, EPSS 0.00386
Web