cmseasy

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-15148
<= 7.7.7.0
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.ph
4.7 MEDIUM
CVE-2025-11332
>= 7.0 and <= 7.7.7.0
A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the com
3.5 LOW
CVE-2025-55910
<= 7.7.8.0
CMSEasy v7.7.8.0 and before is vulnerable to Arbitrary file deletion in database_admin.php.
6.3 MEDIUM
CVE-2025-1336
all versions
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function de
4.3 MEDIUM
CVE-2025-1335
all versions
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in t
4.3 MEDIUM
CVE-2025-1106
all versions
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_actio
5.4 MEDIUM
CVE-2025-0973
all versions
A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the
5.4 MEDIUM
CVE-2024-34315
all versions
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_a
7.5 HIGH
CVE-2024-34314
all versions
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_act
4.9 MEDIUM
CVE-2024-31551
all versions
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary f
7.5 HIGH
CVE-2024-32236
<= 7.7.0
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index
3.5 LOW
CVE-2024-32163
all versions
CMSeasy 7.7.7.9 is vulnerable to code execution.
6.4 MEDIUM
CVE-2024-32162
all versions
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.
4.3 MEDIUM
CVE-2024-25828
all versions
cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.
4.9 MEDIUM
CVE-2024-0523
<= 7.7.7.0
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function
6.3 MEDIUM
CVE-2020-18406
all versions
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data.
7.5 HIGH
CVE-2023-34880
all versions
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language
9.8 CRITICAL
CVE-2021-42644
all versions
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of th
6.5 MEDIUM
CVE-2021-42643
all versions
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is wri
8.8 HIGH
CVE-2019-8434
all versions
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
6.1 MEDIUM
CVE-2019-8432
all versions
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
6.1 MEDIUM
CVE-2018-11680
all versions
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME elem
6.5 MEDIUM
CVE-2018-11679
all versions
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&a
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin