Skip to main content

Cmseasy CVE-2024-32163

MEDIUM
Path Traversal (CWE-22)
2024-04-17 cve@mitre.org
6.4
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.4 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 17, 2024 - 19:15 cve.org
MEDIUM 6.4

DescriptionCVE.org

CMSeasy 7.7.7.9 is vulnerable to code execution.

AnalysisAI

CMSeasy 7.7.7.9 is vulnerable to code execution. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Affected products include: Cmseasy.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2024-0523 CRITICAL POC
9.8 Jan 14

A vulnerability was found in CmsEasy up to 7.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2023-34880 CRITICAL POC
9.8 Jun 15

cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admi

CVE-2018-11679 HIGH POC
8.8 Jun 02

An issue was discovered in CmsEasy 6.1_20180508. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita

CVE-2024-34315 HIGH POC
7.5 May 07

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the

CVE-2019-8434 MEDIUM POC
6.1 Feb 18

In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. Rated medium severity (CVSS 6.1), this vulnerabili

CVE-2019-8432 MEDIUM POC
6.1 Feb 18

In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is

CVE-2025-1336 MEDIUM POC
5.3 Feb 16

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Rated medium severity (CVSS 5.3), this

CVE-2025-1335 MEDIUM POC
5.3 Feb 16

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), th

CVE-2025-1106 MEDIUM POC
5.3 Feb 07

A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnera

CVE-2024-25828 MEDIUM POC
4.9 Feb 22

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CV

CVE-2024-32162 MEDIUM POC
4.3 Apr 17

CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. Rated medium severity (CVSS 4.3), this vulnerability is remote

CVE-2024-31551 HIGH
7.5 Apr 26

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete a

Share

CVE-2024-32163 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy