📦 Cmseasy

by Cmseasy



⚠️ Known Vulnerabilities

CVE-2023-34880

CRITICAL CVSS 9.8 Jun 15, 2023

CVE-2023-34880 is a critical path traversal vulnerability in CmsEasy CMS that allows attackers to execute arbitrary code via local file inclusion. This affects all systems running CmsEasy v7.7.7.7 202...

CVE-2024-34315

HIGH CVSS 7.5 May 7, 2024

CmsEasy v7.7.7.9 contains a local file inclusion vulnerability in the fckedit_action method of /admin/template_admin.php that allows attackers to read arbitrary files using the file_get_contents funct...

CVE-2024-31551

HIGH CVSS 7.5 Apr 26, 2024

This CVE describes a directory traversal vulnerability in CmsEasy v7.7.7.9 that allows attackers to delete arbitrary files on the server via crafted GET requests. Attackers can exploit this to delete ...

CVE-2020-18406

HIGH CVSS 7.5 Jun 27, 2023

CVE-2020-18406 is a vulnerability in CmsEasy v7.0.0 that transmits user credentials in plain text without encryption. This allows attackers to intercept login credentials during transmission. Any orga...

CVE-2021-42643

HIGH CVSS 8.8 May 17, 2022

CVE-2021-42643 is an arbitrary file write vulnerability in CmsEasy CMS that allows attackers to write PHP script files to the web server. This can lead to remote code execution by accessing the upload...

CVE-2025-15148

MEDIUM CVSS 4.7 Dec 28, 2025

CVE-2025-15148 is a code injection vulnerability in CmsEasy's backend template management that allows attackers to execute arbitrary code by manipulating template content. This affects CmsEasy install...

CVE-2025-1336

MEDIUM CVSS 4.3 Feb 16, 2025

This path traversal vulnerability in CmsEasy 7.7.7.9 allows attackers to delete arbitrary files on the server by manipulating the imgname parameter in the deleteimg_action function. Attackers can expl...

CVE-2025-0973

MEDIUM CVSS 5.4 Feb 3, 2025

This critical vulnerability in CmsEasy 7.7.7.9 allows remote attackers to perform path traversal attacks via the select[] parameter in the backAll_action function. This could enable unauthorized file ...