CVE-2025-1335

MEDIUM Year: 2025
CVSS v3 Score
8.1
High
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2007-5927

HIGH
CVSS:8.1(High)

Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog sto...

CWE-222007

CVE-2008-5748

HIGH
CVSS:8.1(High)

Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.

CWE-222008

CVE-2009-4194

HIGH
CVSS:8.1(High)

Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in t...

CWE-222009

CVE-2016-1671

HIGH
CVSS:8.1(High)

Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/esca...

CWE-222016

CVE-2017-16929

HIGH
CVSS:8.1(High)

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a rem...

CWE-222017

CVE-2017-18585

HIGH
CVSS:8.1(High)

The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.

CWE-222017