Cmseasy

Cmseasy

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-15148

Exploit
  • EPSS 0.05%
  • Veröffentlicht 28.12.2025 18:15:47
  • Zuletzt bearbeitet 24.02.2026 07:16:59

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead ...

6.1

CVE-2025-11332

Exploit
  • EPSS 0.02%
  • Veröffentlicht 06.10.2025 10:32:05
  • Zuletzt bearbeitet 24.02.2026 07:16:27

A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may b...

6.3

CVE-2025-55910

Exploit
  • EPSS 0.07%
  • Veröffentlicht 19.09.2025 00:00:00
  • Zuletzt bearbeitet 25.09.2025 19:34:47

CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.

8.1

CVE-2025-1336

Exploit
  • EPSS 0.15%
  • Veröffentlicht 16.02.2025 09:15:09
  • Zuletzt bearbeitet 28.02.2025 19:47:07

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversa...

8.1

CVE-2025-1335

Exploit
  • EPSS 0.11%
  • Veröffentlicht 16.02.2025 04:15:23
  • Zuletzt bearbeitet 28.02.2025 19:47:07

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to...

6.5

CVE-2025-1106

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.02.2025 19:15:24
  • Zuletzt bearbeitet 04.03.2025 14:53:43

A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the ...

6.5

CVE-2025-0973

Exploit
  • EPSS 0.15%
  • Veröffentlicht 03.02.2025 01:15:07
  • Zuletzt bearbeitet 28.02.2025 22:16:37

A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The...

7.5

CVE-2024-34315

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.05.2024 19:15:08
  • Zuletzt bearbeitet 14.04.2025 14:21:13

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.

4.9

CVE-2024-34314

  • EPSS 0.16%
  • Veröffentlicht 07.05.2024 19:15:08
  • Zuletzt bearbeitet 14.03.2025 01:15:39

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.

7.5

CVE-2024-31551

  • EPSS 0.55%
  • Veröffentlicht 26.04.2024 22:15:08
  • Zuletzt bearbeitet 14.04.2025 14:20:58

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.