CVE-2025-0973 | CmsEasy 7.7.7.9 database_admin.php backAll_action select[] path traversal

A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal.

This vulnerability was named CVE-2025-0973. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-0973 | CmsEasy 7.7.7.9 database_admin.php backAll_action select[] path traversal

Post correlati

CVE-2024-34997 | joblib 1.4.2 NumpyArrayWrapper.read_array deserialization (Issue 1582)

CVE-2024-6134 | WP-FeedStats wp-cart-for-digital-products Plugin up to 8.5.5 on WordPress cross site scripting

CVE-2023-44379 | baserCMS up to 5.0.8 Site Search cross site scripting

CVE-2023-37058 | Jlink AX1800 1.0 permission