Vulnerabilities > CVE-2024-24161 - Files or Directories Accessible to External Parties vulnerability in Mrcms 3.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mrcms
CWE-552
NVD
Published: 2024-02-02
Updated: 2024-02-06

Summary

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.

Vulnerable Configurations

Part Description Count
Application
Mrcms
1

Common Weakness Enumeration (CWE)

References