An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
PHP
Information Disclosure
Cmseasy
NVD
GitHub
CVSS 3.1
3.5
EPSS
0.4%