CVE-2025-15148 | CmsEasy up to 7.7.7 Backend Template Management Page template_admin.php savetemp_action content/tempdata code injection

A vulnerability was found in CmsEasy up to 7.7.7 and classified as critical. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code injection.

The identification of this vulnerability is CVE-2025-15148. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

CVE-2025-15148 | CmsEasy up to 7.7.7 Backend Template Management Page template_admin.php savetemp_action content/tempdata code injection

Post correlati

CVE-2024-56689 | Linux Kernel up to 6.6.63/6.11.10/6.12.1 epf-mhi platform_get_resource_byname null pointer dereference

CVE-2025-53498 | AbuseFilter Extension up to 1.39.12/1.42.6/1.43.1 on Mediawiki insufficient logging

CVE-2024-21480 | Qualcomm Snapdragon up to XR2 5G Platform Audio File buffer overflow

CVE-2025-24526 | Mattermost up to 9.11.7/10.1.3/10.2.2/10.3.2/10.4.1 Archived Channel authorization