CVE-2025-65473

Name of the Vulnerable Software and Affected Versions EasyImages versions 2.0 through 2.8.6

Description A flaw exists within the /admin/filer.php component that allows attackers with Administrator privileges to execute arbitrary code. This is possible by injecting a crafted payload into an uploaded file name, leading to an arbitrary file rename.

Recommendations Update EasyImages to a version newer than 2.8.6.