edit-icon download-icon

[Vulnerability notice] Background logon bypass vulnerability in CmsEasy

Last Updated: Nov 08, 2017

Description

CmsEasy is a web content management system based on PHP + MySQL architecture, but also a PHP development platform. The early versions of CmsEasy’s background logon page have less rigorous logic. As a result, visitors can access parts of backend pages without an account and password, and then get access to permissions for the entire website.

Fix

Upgrade CmsEasy to the latest version from the CmsEasy official website.

Thank you! We've received your feedback.