CVE-2024-32162
CVE-2024-32162 is a medium-severity vulnerability in Cmseasy with a CVSS 3.x base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-791.
Key facts
- Severity: Medium (CVSS 3.x base score 4.3)
- EPSS exploit prediction: 0% (32nd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-29981
- Weakness: CWE-791
- Affected product: Cmseasy
- Published:
- Last modified:
Description
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.
Frequently asked questions
- What is CVE-2024-32162?
- CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.
- How severe is CVE-2024-32162?
- CVE-2024-32162 has a CVSS 3.x base score of 4.3, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability none.
- Is CVE-2024-32162 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (32nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2024-32162?
- CVE-2024-32162 affects Cmseasy. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2024-32162?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-32162 have an EU (EUVD) identifier?
- Yes. CVE-2024-32162 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-29981.
- When was CVE-2024-32162 published?
- CVE-2024-32162 was published on 2024-04-17 and last updated on 2026-07-05.
References
- https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/CMSeasy_7.7.7_file_deletion.md
- http://cmseasy.com
Affected products (1)
- cpe:2.3:a:cmseasy:cmseasy:7.7.7.9:*:*:*:*:*:*:*
More vulnerabilities in Cmseasy
- CVE-2023-34880 — Critical (CVSS 9.8): cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at…
- CVE-2021-42643 — High (CVSS 8.8): cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script…
- CVE-2018-11679 — High (CVSS 8.8): An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via…
- CVE-2024-34315 — High (CVSS 7.5): CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in…
- CVE-2024-31551 — High (CVSS 7.5): Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete…
- CVE-2020-18406 — High (CVSS 7.5): An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of…
Other CWE-791 vulnerabilities
- CVE-2025-0324 — Critical (CVSS 9.4): The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to…
- CVE-2024-47590 — High (CVSS 8.8): An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated…
- CVE-2026-44232 — High (CVSS 8.7): DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.0.3,…
- CVE-2022-2132 — High (CVSS 8.6): A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of…
- CVE-2024-45481 — High (CVSS 8.5): An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may…
- CVE-2026-11998 — High (CVSS 7.6): A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and…