Vulnerabilities > Cmseasy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-14 | CVE-2024-0523 | SQL Injection vulnerability in Cmseasy A vulnerability was found in CmsEasy up to 7.7.7. | 9.8 |
| 2023-06-27 | CVE-2020-18406 | Insufficiently Protected Credentials vulnerability in Cmseasy 7.0 An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | 7.5 |
| 2023-06-15 | CVE-2023-34880 | Path Traversal vulnerability in Cmseasy 7.7.7.7 cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. | 9.8 |
| 2022-05-17 | CVE-2021-42643 | Path Traversal vulnerability in Cmseasy 7.7.520211012 cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. | 6.5 |
| 2022-05-17 | CVE-2021-42644 | Files or Directories Accessible to External Parties vulnerability in Cmseasy 7.7.520211012 cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. | 4.0 |
| 2019-02-18 | CVE-2019-8434 | Cross-site Scripting vulnerability in Cmseasy 7.0 In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | 4.3 |
| 2019-02-18 | CVE-2019-8432 | Cross-site Scripting vulnerability in Cmseasy 7.0 In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | 4.3 |
| 2018-06-02 | CVE-2018-11680 | Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0 An issue was discovered in CmsEasy 6.1_20180508. | 4.3 |
| 2018-06-02 | CVE-2018-11679 | Cross-Site Request Forgery (CSRF) vulnerability in Cmseasy 6.0 An issue was discovered in CmsEasy 6.1_20180508. | 6.8 |