CVE-2025-1335 | CmsEasy 7.7.7.9 lib/admin/file_admin.php deleteimg_action imgname path traversal

CVE-2025-1335 | CmsEasy 7.7.7.9 lib/admin/file_admin.php deleteimg_action imgname path traversal

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. This vulnerability is traded as CVE-2025-1335. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.