CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
References
Link | Resource |
---|---|
https://github.com/H3rmesk1t/vulnerability-paper/blob/main/CmsEasy-7.7.7.9-File%20Inclusion.md | Third Party Advisory |
https://github.com/H3rmesk1t/vulnerability-paper/blob/main/CmsEasy-7.7.7.9-File%20Inclusion.md | Third Party Advisory |
Configurations
History
14 Mar 2025, 01:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cmseasy cmseasy
Cmseasy |
|
References | () https://github.com/H3rmesk1t/vulnerability-paper/blob/main/CmsEasy-7.7.7.9-File%20Inclusion.md - Third Party Advisory | |
CPE | cpe:2.3:a:cmseasy:cmseasy:7.7.7.9:*:*:*:*:*:*:* | |
CWE | CWE-98 NVD-CWE-Other |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
21 Nov 2024, 09:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/H3rmesk1t/vulnerability-paper/blob/main/CmsEasy-7.7.7.9-File%20Inclusion.md - | |
Summary |
|
07 May 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-07 19:15
Updated : 2025-03-14 01:15
NVD link : CVE-2024-34314
Mitre link : CVE-2024-34314
CVE.ORG link : CVE-2024-34314
JSON object : View
Products Affected
cmseasy
- cmseasy
CWE
NVD-CWE-Other
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')