VDB-336710 | MuYuCMS 2.7 Template Management Page Template.php delete_dir_file temn/tp path traversal

Inserito da Angelo Barbosa | Dic 16, 2025 | CVE

A vulnerability identified as critical has been detected in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal.

It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

VDB-336710 | MuYuCMS 2.7 Template Management Page Template.php delete_dir_file temn/tp path traversal

Post correlati

CVE-2025-22577 | Damion Armentrout Able Player Plugin up to 1.0 on WordPress cross site scripting

CVE-2024-34678 | Samsung Mobile Devices libsapeextractor.so out-of-bounds write

CVE-2023-40390 | Apple macOS up to 14.1 Location information disclosure

CVE-2025-66325 | Huawei HarmonyOS/EMUI Package Management access control