CVE-2025-15589

Name of the Vulnerable Software and Affected Versions MuYuCMS version 2.7

Description A flaw exists in MuYuCMS 2.7 that allows for path traversal. The issue is located in the delete dir file function within the application/admin/controller/Template.php file, part of the Template Management Page component. The temn/tp argument is susceptible to manipulation, enabling remote attackers to exploit this weakness. The exploit has been publicly disclosed. The vendor was notified but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.