CVE-2025-1106: CmsEasy database_admin.php restore_action path traversal
First published: Fri Feb 07 2025(Updated: )
A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CmsEasy | ||
| =7.7.7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1106?
CVE-2025-1106 is classified as a critical vulnerability.
What does CVE-2025-1106 affect?
CVE-2025-1106 affects the deletedir_action/restore_action functionality in CmsEasy 7.7.7.9.
How do I fix CVE-2025-1106?
To fix CVE-2025-1106, it is recommended to update CmsEasy to the latest version that addresses this vulnerability.
Can CVE-2025-1106 be exploited remotely?
Yes, CVE-2025-1106 can be exploited remotely due to its nature of path traversal.
What type of vulnerability is CVE-2025-1106?
CVE-2025-1106 is a path traversal vulnerability.
- agent/weakness
- agent/type
- agent/references
- agent/description
- agent/title
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/source
- agent/severity
- agent/author
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/cmseasy
- canonical/cmseasy
- version/cmseasy/7.7.7.9