ftcms CVE Vulnerabilities & Metrics

Focus on ftcms vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About ftcms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ftcms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total ftcms CVEs: 8
Earliest CVE date: 11 May 2022, 18:15 UTC
Latest CVE date: 10 Mar 2025, 00:15 UTC

Latest CVE reference: CVE-2025-2133

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ftcms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.89

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 3
4.0-6.9 4
7.0-8.9 1
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS ftcms CVEs

These are the five CVEs with the highest CVSS scores for ftcms, sorted by severity first, then by recency.

All CVEs for ftcms

CVE-2025-2133 ftcms vulnerability CVSS: 3.3 10 Mar 2025, 00:15 UTC

A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-2132 ftcms vulnerability CVSS: 5.8 09 Mar 2025, 23:15 UTC

A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2022-37731 ftcms vulnerability CVSS: 0 07 Sep 2022, 15:15 UTC

ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user or administrator to trigger the malicious code when accessing it.

CVE-2022-37730 ftcms vulnerability CVSS: 0 07 Sep 2022, 15:15 UTC

In ftcms 2.1, there is a Cross-Site Request Forgery (CSRF) vulnerability in the PHP page, which allows an attacker to forge a link and trick the victim into clicking a malicious link or visiting a page containing attack code, sending a request to the server (with the corresponding identity authentication information) as the victim without the victim's knowledge.

CVE-2022-30063 ftcms vulnerability CVSS: 7.5 11 May 2022, 19:15 UTC

ftcms <=2.1 was discovered to be vulnerable to code execution attacks.

CVE-2022-30062 ftcms vulnerability CVSS: 4.0 11 May 2022, 18:15 UTC

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php.

CVE-2022-30061 ftcms vulnerability CVSS: 4.0 11 May 2022, 18:15 UTC

ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.

CVE-2022-30060 ftcms vulnerability CVSS: 6.5 11 May 2022, 18:15 UTC

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php.