CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
References
Link Resource
https://github.com/wy876/cve/issues/2 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mrcms:mrcms:3.0:*:*:*:*:*:*:*

History

06 Feb 2024, 21:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://github.com/wy876/cve/issues/2 - () https://github.com/wy876/cve/issues/2 - Exploit, Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:mrcms:mrcms:3.0:*:*:*:*:*:*:*
CWE CWE-552
First Time Mrcms mrcms
Mrcms

02 Feb 2024, 16:30

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-02 16:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-24161

Mitre link : CVE-2024-24161

CVE.ORG link : CVE-2024-24161


JSON object : View

Products Affected

mrcms

  • mrcms
CWE
CWE-552

Files or Directories Accessible to External Parties