CVE-2024-31551

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u	Broken Link
https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:cmseasy:cmseasy:7.7.7.9:*:*:*:*:*:*:*

History

14 Apr 2025, 14:20

Type	Values Removed	Values Added
First Time		Cmseasy Cmseasy cmseasy
CPE		cpe:2.3:a:cmseasy:cmseasy:7.7.7.9:::::::*
References	~~() https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u -~~	() https://www.yuque.com/sickle-ffnce/awixr8/qu8i0p9y0h277m6u - Broken Link

Information

Published : 2024-04-26 22:15

Updated : 2025-04-14 14:20

NVD link : CVE-2024-31551

Mitre link : CVE-2024-31551

CVE.ORG link : CVE-2024-31551

JSON object : View

Products Affected

cmseasy

cmseasy

CWE

CWE-26

Path Traversal: '/dir/../filename'

7.5 /10