Primary

Context

PowerCMS Path Traversal Vulnerability in Backup Restore Feature Allowing Arbitrary Code Execution

Vulnerability

Patched

A path traversal vulnerability has been identified in the backup and restore feature of PowerCMS. This issue affects PowerCMS versions 6.7 and earlier (6.x series), 5.3 and earlier (5.x series), and 4.6 and earlier (4.x series). The vulnerability allows a product administrator to execute arbitrary code by restoring a crafted backup file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where PowerCMS is running, executed in the context of the application.

Remediation

Users are advised to update PowerCMS to the latest version. Instructions for updating can be found on the PowerCMS website.

Added: Jul 31, 2025, 8:28 AM

Updated: Jul 31, 2025, 8:28 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

5.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

5.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PowerCMS Path Traversal Vulnerability in Backup Restore Feature Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Alfasado PowerCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating