CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.7%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

Products affected by CVE-2026-1105

Easycms » Easycms » Version: 1.0

cpe:2.3:a:easycms:easycms:1.0
Easycms » Easycms » Version: 1.1

cpe:2.3:a:easycms:easycms:1.1
Easycms » Easycms » Version: 1.2

cpe:2.3:a:easycms:easycms:1.2
Easycms » Easycms » Version: 1.3

cpe:2.3:a:easycms:easycms:1.3
Easycms » Easycms » Version: 1.4

cpe:2.3:a:easycms:easycms:1.4
Easycms » Easycms » Version: 1.5

cpe:2.3:a:easycms:easycms:1.5
Easycms » Easycms » Version: 1.6

cpe:2.3:a:easycms:easycms:1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-1105

Products

Pricing

Contact Us