Primary

Context

CmsEasy Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A critical directory traversal vulnerability has been identified in CmsEasy version 7.7.7.9. The issue arises in the 'backAll_action' function within 'lib/admin/database_admin.php'. This vulnerability allows remote attackers to manipulate the 'select[]' parameter, leading to path traversal and arbitrary file deletion. The exploit has been publicly disclosed.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion on the server.

Reproduction

To reproduce this vulnerability, log into the admin panel and send a POST request to '/index.php?case=database&act=backAll&admin_dir=admin&site=default'. Include the 'submit' parameter set to '1' and the 'select[]' parameter with a crafted value that traverses directories, such as '.....///.....///test.txt'. This will delete the specified file from the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CmsEasy Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Reproduction

Affected Products

CmsEasy

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating