An issue in CmsEasy v.7.7 and before allows a remote malicious user to obtain sensitive information via the update function in the index.php component.