cmseasy cmseasy vulnerabilities and exploits
605
VMScore
CVE-2018-11679
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.
Cmseasy Cmseasy 6.0
578
VMScore
CVE-2021-42643
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
383
VMScore
CVE-2019-8432
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
Cmseasy Cmseasy 7.0
383
VMScore
CVE-2019-8434
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
Cmseasy Cmseasy 7.0
383
VMScore
CVE-2018-11680
An issue exists in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.
Cmseasy Cmseasy 6.0
356
VMScore
CVE-2021-42644
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
Cmseasy Cmseasy 7.7.5 20211012
NA
CVE-2024-34314
CmsEasy v7.7.7.9 contains a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows malicious users to read arbitrary files.
NA
CVE-2024-34315
CmsEasy v7.7.7.9 contains a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows malicious users to read arbitrary files.
NA
CVE-2024-31551
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows malicious users to delete arbitrary files via a crafted GET request.
NA
CVE-2024-32236
An issue in CmsEasy v.7.7 and before allows a remote malicious user to obtain sensitive information via the update function in the index.php component.