Easycms: >> Easycms >> 1.3 Security Vulnerabilities
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-18
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-06-29
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-25