
cpe:2.3:a:n/a:cmseasy:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Cmseasy (ad8e64b8-23de-5e19-a7eb-83643a8d5532)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-1336 vulnerable 2026-06-08 07:08:36.557396 CmsEasy image_admin.php deleteimg_action path traversal
MEDIUM (4.3)
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-02-16T09:00:14.232Z
Updated: 2025-02-18T16:12:03.784Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1335 vulnerable 2026-06-08 07:08:36.555943 CmsEasy file_admin.php deleteimg_action path traversal
MEDIUM (4.3)
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-02-16T04:00:15.125Z
Updated: 2025-02-18T21:32:38.225Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1106 vulnerable 2026-06-08 07:06:36.928826 CmsEasy database_admin.php restore_action path traversal
MEDIUM (5.4)
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-02-07T18:31:04.414Z
Updated: 2025-02-12T20:51:41.660Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-0973 vulnerable 2026-06-08 07:02:26.077959 CmsEasy index.php backAll_action path traversal
MEDIUM (5.4)
A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-02-03T00:31:04.880Z
Updated: 2025-02-12T20:41:37.613Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0523 vulnerable 2026-06-08 06:22:01.282593 CmsEasy language_admin.php getslide_child_action SQL injection
MEDIUM (6.3)
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-14T23:00:06.144Z
Updated: 2025-06-17T21:09:22.212Z
Imported from gcve-enriched-dumps CVE data
