Cmseasy
CVE-2024-32163
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
CMSeasy 7.7.7.9 is vulnerable to code execution.
AnalysisAI
CMSeasy 7.7.7.9 is vulnerable to code execution. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Affected products include: Cmseasy.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
A vulnerability was found in CmsEasy up to 7.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admi
An issue was discovered in CmsEasy 6.1_20180508. Rated high severity (CVSS 8.8), this vulnerability is remotely exploita
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. Rated medium severity (CVSS 6.1), this vulnerabili
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Rated medium severity (CVSS 5.3), this
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), th
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnera
cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CV
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. Rated medium severity (CVSS 4.3), this vulnerability is remote
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete a
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today