Easycms: >> Easycms >> 1.5 Security Vulnerabilities
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-18
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-01-15
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-09-17
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-10
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02