Easycms: >> Easycms >> 1.6 Security Vulnerabilities
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-16
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-02-01