CVE-2024-31551

Name of the Vulnerable Software and Affected Versions cmseasy version 7.7.7.9 20240105

Description The issue allows attackers to delete arbitrary files via a crafted GET request, exploiting a Directory Traversal vulnerability in the lib/admin/image.admin.php file.

Recommendations For cmseasy version 7.7.7.9 20240105, consider restricting access to the lib/admin/image.admin.php file until a patch is available. As a temporary workaround, avoid using crafted GET requests to the vulnerable endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.