CVE-2024-32163

17.04.2024, 19:15

CMSeasy 7.7.7.9 is vulnerable to code execution.

Path Traversal

Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.4 MEDIUM | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | - | - | - | - | - |
| CISA-ADP | ADP | 6.4 MEDIUM | LOCAL | HIGH | HIGH | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE | ADP | - | - | - | - | - |

Base Score: CVSS 3.x

EPSS Score: Percentile: 13%

| Vendor | Product | Version |
|---|---|---|
| cmseasy | cmseasy | 7.7.7.9 𝑥 |

𝑥 = Vulnerable software versions

Known Exploits

https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/CMSeasy_7.7.7.9_code_execution.md

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/CMSeasy_7.7.7.9_code_execution.md
https://www.cmseasy.cn/