Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cmseasy cmseasy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-0523
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be lau...
Cmseasy Cmseasy
9.8
CVSSv3
CVE-2023-34880
cmseasy v7.7.7.7 20230520 exists to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows malicious users to execute arbitrary code and perform a local file inclusion.
Cmseasy Cmseasy 7.7.7.7
6.1
CVSSv3
CVE-2019-8432
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
Cmseasy Cmseasy 7.0
6.1
CVSSv3
CVE-2019-8434
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
Cmseasy Cmseasy 7.0
7.5
CVSSv3
CVE-2020-18406
An issue exists in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
Cmseasy Cmseasy 7.0
8.8
CVSSv3
CVE-2018-11679
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Cmseasy Cmseasy 6.0
6.5
CVSSv3
CVE-2018-11680
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Cmseasy Cmseasy 6.0
8.8
CVSSv3
CVE-2021-42643
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
6.5
CVSSv3
CVE-2021-42644
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
NA
CVE-2024-32163
CMSeasy 7.7.7.9 is vulnerable to code execution.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »