Arbitrary File Read Vulnerability in MRCMS by MRCMS Team
CVE-2024-24161
7.5 HIGH
What is CVE-2024-24161?
MRCMS version 3.0 contains an Arbitrary File Read vulnerability in the /admin/file/edit.do endpoint. The flaw arises from inadequate filtering of the incoming path parameter, which can allow attackers to read sensitive files on the server. Exploitation can lead to unauthorized disclosure of confidential information, a significant concern for users who rely on this content management system for secure data handling. Organizations using MRCMS 3.0 should remediate immediately and put security measures in place to mitigate this risk.
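One way to enforce the filtering this class of bug lacks, as an added example that is not MRCMS code: canonicalise the requested path and refuse anything that resolves outside an allowed root. The function names, the `templates` root and the sample values are hypothetical and constructed for illustration.

```python
import os
import tempfile


class PathRejected(ValueError):
    """The requested path resolves outside the allowed root."""


def resolve_inside(root: str, requested: str) -> str:
    """Return the canonical path of `requested` only if it stays under `root`."""
    if "\x00" in requested:
        raise PathRejected("NUL byte in path")
    real_root = os.path.realpath(root)
    # join() lets an absolute `requested` replace the root, and realpath()
    # collapses ".." and follows symlinks, so one comparison covers all three.
    candidate = os.path.realpath(os.path.join(real_root, requested))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathRejected(f"{requested!r} resolves outside the editable root")
    return candidate


def read_editable_file(root: str, requested: str) -> str:
    """Hypothetical handler body: validate first, then read."""
    with open(resolve_inside(root, requested), encoding="utf-8") as fh:
        return fh.read()


def demo() -> dict:
    """Classify constructed parameter values against a constructed layout."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "templates")
        os.makedirs(os.path.join(root, "default"))
        with open(os.path.join(root, "default", "index.html"), "w") as fh:
            fh.write("<h1>home</h1>")
        outside = os.path.join(tmp, "app.properties")  # constructed file outside root
        with open(outside, "w") as fh:
            fh.write("placeholder=constructed")
        os.symlink(outside, os.path.join(root, "link.html"))
        samples = {"in-root": "default/index.html", "parent": "../app.properties",
                   "absolute": outside, "symlink": "link.html"}
        for label, value in samples.items():
            try:
                read_editable_file(root, value)
                results[label] = "allowed"
            except PathRejected:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison is made on canonical paths rather than on the raw string, so the check does not depend on recognising any particular character sequence in the parameter.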