H3rmesk1t

4 exploits Active since May 2024
CVE-2024-34314 WRITEUP MEDIUM WRITEUP
CmsEasy 7.7.7.9 - Local File Inclusion via fetch_action Method
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
CVSS 4.9
CVE-2024-34315 WRITEUP HIGH WRITEUP
CmsEasy <7.7.7.9 - Local File Inclusion
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
CVSS 7.5
CVE-2025-22983 WRITEUP HIGH WRITEUP
iceCMS 2.2.0 - Unauthenticated Sensitive Information Exposure via /square/getAllSquare/circle Endpoint
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
CVSS 7.5
CVE-2025-2638 WRITEUP MEDIUM WRITEUP
jizhicms < 1.7 - Incorrect Privilege Assignment in Article Handler
A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3