Description
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-05-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-13568 A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0007}

 epss

{'score': 0.00081}

Thu, 12 Jun 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared 74cms
74cms 74cms
CPEs cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:*
Vendors & Products 74cms
74cms 74cms

Tue, 06 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 06 May 2025 07:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title 74CMS index path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

74cms 74cms
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-05-06T14:11:17.184Z

Reserved: 2025-05-05T15:04:29.266Z

Link: CVE-2025-4329

cve-icon Vulnrichment

Updated: 2025-05-06T14:11:06.247Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-06T07:15:49.013

Modified: 2025-06-12T17:24:19.030

Link: CVE-2025-4329

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses