cmseasy cmseasy vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-0523
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be lau...
Cmseasy Cmseasy
9.8
CVSSv3
CVE-2023-34880
cmseasy v7.7.7.7 20230520 contains a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows malicious users to execute arbitrary code and perform a local file inclusion.
Cmseasy Cmseasy 7.7.7.7
8.8
CVSSv3
CVE-2021-42643
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
8.8
CVSSv3
CVE-2018-11679
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Cmseasy Cmseasy 6.0
7.5
CVSSv3
CVE-2020-18406
An issue exists in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
Cmseasy Cmseasy 7.0
6.5
CVSSv3
CVE-2021-42644
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
6.5
CVSSv3
CVE-2018-11680
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Cmseasy Cmseasy 6.0
6.1
CVSSv3
CVE-2019-8432
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
Cmseasy Cmseasy 7.0
6.1
CVSSv3
CVE-2019-8434
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
Cmseasy Cmseasy 7.0
NA
CVE-2024-34314
CmsEasy v7.7.7.9 contains a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows malicious users to read arbitrary files.