CVE-2025-52023

Name of the Vulnerable Software and Affected Versions gemscms versions prior to 2025-05-28

Description A flaw exists in the PHP backend of gemscms that permits unauthenticated remote attackers to initiate detailed error messages. These messages reveal internal file paths, code segments, and stack traces. The issue arises from specifically designed HTTP GET/POST requests directed at public API endpoints, potentially exposing sensitive data that could aid in further attacks. This is categorized as an information exposure issue due to error messages.

Recommendations Update gemscms to a version later than 2025-05-28.