Shodan
Vulnerabilities
Vulnerable Software
Easycms:  >> Easycms  Security Vulnerabilities
CVE-2026-1105
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-18
CVE-2022-23358
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-16
CVE-2020-24271
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-02-01
CVE-2019-6294
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-01-15
CVE-2018-17113
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-09-17
CVE-2018-16773
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-10
CVE-2018-16759
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-09
CVE-2018-16345
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
CVE-2018-12971
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-06-29
CVE-2018-10374
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved