Vulnerabilities > CVE-2022-26271 - Files or Directories Accessible to External Parties vulnerability in 74Cms 3.4.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
74cms
CWE-552
NVD
Published: 2022-03-28
Updated: 2022-03-31

Summary

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.

Vulnerable Configurations

Part Description Count
Application
74Cms
1

Common Weakness Enumeration (CWE)

References