Easycms

3 CVEs product

CVE-2026-3786 MEDIUM POC This Month

SQL injection in EasyCMS up to version 1.6 via the _order parameter in the Request Parameter Handler allows authenticated remote attackers to execute arbitrary SQL queries with medium impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

PHP SQLi Easycms
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-3785 MEDIUM POC This Month

SQL injection in EasyCMS versions up to 1.6 via the _order parameter in the Request Parameter Handler allows remote attackers with valid credentials to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification. The attack requires low complexity and can result in unauthorized data access, modification, and potential service disruption.

PHP SQLi Easycms
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-1105 HIGH POC This Week

SQL injection in EasyCMS up to version 1.6 via the _order parameter in /UserAction.class.php allows unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

PHP SQLi Easycms
NVD GitHub VulDB
CVSS 3.1: 7.3
EPSS: 0.0%