CVE-2025-1335 | CmsEasy 7.7.7.9 lib/admin/file_admin.php deleteimg_action imgname path traversal

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal.

This vulnerability is traded as CVE-2025-1335. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1335 | CmsEasy 7.7.7.9 lib/admin/file_admin.php deleteimg_action imgname path traversal

Related Posts

CVE-2024-12954 | 1000 Projects Portfolio Management System MCA 1.0 /update_ach.php ach_certy unrestricted upload

CVE-2021-22509 | OpenText NetIQ Advance Authentication up to 6.3.5.0 cleartext storage

CVE-2024-35747 | wpdevart Contact Form Builder, Contact Widget Plugin up to 2.1.7 on WordPress excessive authentication

CVE-2023-51405 | BookingPress Plugin up to 1.0.74 on WordPress Price bookingpress_confirm_booking access control