Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
MuYuCMS 2.7: Remote File Deletion Through Template Management
CVE-2025-15589
Summary
A security issue in MuYuCMS version 2.7 allows an attacker to delete files on the server by manipulating template management. This could potentially lead to data loss. Users should update to a patched version of the software as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| muyucms | muyucms | 2.7 | – |
Original title
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipul...
Original description
A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
4.7
nvd CVSS3.1
7.2
nvd CVSS4.0
5.1
Vulnerability type
CWE-22
Path Traversal
- https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe Exploit Third Party Advisory
- https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe#proof-of-conce... Exploit Third Party Advisory
- https://vuldb.com/?ctiid.336710 Permissions Required VDB Entry
- https://vuldb.com/?id.336710 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.702489 Third Party Advisory VDB Entry
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026