CVE-2024-25828 - Vulnerability Details - OpenCVE

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cmseasy	Cmseasy

Configuration 1 [-]

cpe:2.3:a:cmseasy:cmseasy:7.7.7.9:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sec-Kode/cve

History

Thu, 03 Apr 2025 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cmseasy Cmseasy cmseasy
CPEs		cpe:2.3:a:cmseasy:cmseasy:7.7.7.9:::::::*
Vendors & Products		Cmseasy Cmseasy cmseasy

Mon, 19 Aug 2024 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-27
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-22T00:00:00

Updated: 2024-08-19T20:13:07.677Z

Reserved: 2024-02-12T00:00:00

Link: CVE-2024-25828

Vulnrichment

Updated: 2024-08-01T23:52:06.252Z

NVD

Status : Analyzed

Published: 2024-02-22T16:15:54.100

Modified: 2025-04-03T13:18:40.520

Link: CVE-2024-25828

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-25828", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-19T20:13:07.677Z", "dateReserved": "2024-02-12T00:00:00", "datePublished": "2024-02-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-22T16:03:19.653879"}, "descriptions": [{"lang": "en", "value": "cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/sec-Kode/cve"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.252Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/sec-Kode/cve", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-27", "lang": "en", "description": "CWE-27 Path Traversal: 'dir/../../filename'"}]}], "affected": [{"vendor": "cmseasy", "product": "cmseasy", "cpes": ["cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.7.7.9", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-04T20:50:55.394251Z", "id": "CVE-2024-25828", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T20:13:07.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/sec-Kode/cve", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.252Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25828", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:50:55.394251Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cmseasy:cmseasy:*:*:*:*:*:*:*:*"], "vendor": "cmseasy", "product": "cmseasy", "versions": [{"status": "affected", "version": "7.7.7.9"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-27", "description": "CWE-27 Path Traversal: 'dir/../../filename'"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T20:13:03.589Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/sec-Kode/cve"}], "descriptions": [{"lang": "en", "value": "cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-22T16:03:19.653879"}}}, "cveMetadata": {"cveId": "CVE-2024-25828", "state": "PUBLISHED", "dateUpdated": "2024-08-19T20:13:07.677Z", "dateReserved": "2024-02-12T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}