Easycms CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-1105	1 Easycms	1 Easycms	2026-01-19	7.3 High
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-23358	1 Easycms	1 Easycms	2024-11-21	9.8 Critical
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
CVE-2020-24271	1 Easycms	1 Easycms	2024-11-21	8.8 High
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=*&password=*.
CVE-2019-6294	1 Easycms	1 Easycms	2024-11-21	N/A
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
CVE-2018-17113	1 Easycms	1 Easycms	2024-11-21	N/A
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
CVE-2018-16773	1 Easycms	1 Easycms	2024-11-21	N/A
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
CVE-2018-16759	1 Easycms	1 Easycms	2024-11-21	N/A
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
CVE-2018-16345	1 Easycms	1 Easycms	2024-11-21	N/A
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
CVE-2018-12971	1 Easycms	1 Easycms	2024-11-21	N/A
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
CVE-2018-10374	1 Easycms	1 Easycms	2024-11-21	N/A
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.

Page 1 of 1.