cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
References
Configurations
History
26 May 2022, 14:33
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-552 | |
CPE | cpe:2.3:a:cmseasy:cmseasy:7.7.5_20211012:*:*:*:*:*:*:* | |
References | (MISC) https://jdr2021.github.io/2021/10/14/CmsEasy_7.7.5_20211012%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%86%99%E5%85%A5%E5%92%8C%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
17 May 2022, 13:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-17 12:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-42644
Mitre link : CVE-2021-42644
CVE.ORG link : CVE-2021-42644
JSON object : View
Products Affected
cmseasy
- cmseasy
CWE
CWE-552
Files or Directories Accessible to External Parties