CVE-2025-1106

Name of the Vulnerable Software and Affected Versions CmsEasy version 7.7.7.9

Description A critical issue has been discovered, affecting the deletedir action/restore action function in the lib/admin/database admin.php library. This leads to path traversal and can be initiated remotely. The issue has been publicly disclosed.

Recommendations For CmsEasy version 7.7.7.9, consider disabling the deletedir action/restore action function in the lib/admin/database admin.php library as a temporary workaround until a patch is available. Restrict access to the lib/admin/database admin.php library to minimize the risk of exploitation.