Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmseasy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-0523
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be lau...
Cmseasy Cmseasy
7.5
CVSSv3
CVE-2020-18406
An issue exists in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
Cmseasy Cmseasy 7.0
9.8
CVSSv3
CVE-2023-34880
cmseasy v7.7.7.7 20230520 exists to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows malicious users to execute arbitrary code and perform a local file inclusion.
Cmseasy Cmseasy 7.7.7.7
6.1
CVSSv3
CVE-2019-8432
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
Cmseasy Cmseasy 7.0
6.1
CVSSv3
CVE-2019-8434
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
Cmseasy Cmseasy 7.0
6.5
CVSSv3
CVE-2018-11680
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Cmseasy Cmseasy 6.0
8.8
CVSSv3
CVE-2021-42643
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
6.5
CVSSv3
CVE-2021-42644
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
8.8
CVSSv3
CVE-2018-11679
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Cmseasy Cmseasy 6.0
NA
CVE-2024-32163
CMSeasy 7.7.7.9 is vulnerable to code execution.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »