Arbitrary File Read Vulnerability in MRCMS by MRCMS Team
CVE-2024-24161

7.5 HIGH

Key Information:

Vendor: Mrcms

Status
Vendor
CVE Published: 2 February 2024

What is CVE-2024-24161?

MRCMS version 3.0 presents an Arbitrary File Read vulnerability located in the /admin/file/edit.do endpoint. This flaw arises due to inadequate filtering of the incoming path parameter, potentially allowing attackers to access sensitive files on the server. The exploit can lead to unauthorized disclosure of confidential information, raising significant concerns for users relying on this content management system for secure data handling. Organizations using MRCMS 3.0 must ensure immediate remediation and implement security measures to mitigate this risk effectively.
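
A containment check of the kind that closes this class of flaw, shown as an added example (not MRCMS code, and written in Python for illustration only): the request's path value is resolved against an allowed root and rejected if the result lands outside it. The root directory, function names and sample inputs are assumptions.

```python
from pathlib import Path

# Hypothetical directory the file editor is allowed to serve (assumption).
TEMPLATE_ROOT = Path("/srv/cms/templates")


class PathRejected(ValueError):
    """Raised when a requested path falls outside the allowed root."""


def resolve_editable_path(user_path: str, root: Path = TEMPLATE_ROOT) -> Path:
    """Map the request's `path` parameter to a file under `root`, or raise."""
    if not user_path or "\x00" in user_path:
        raise PathRejected("empty path or NUL byte")
    # Normalise Windows separators so "..\" is treated like "../".
    cleaned = user_path.replace("\\", "/")
    base = root.resolve()
    # Joining alone filters nothing: an absolute `cleaned` replaces `base`
    # entirely, and ".." segments climb out of it. resolve() collapses both
    # cases (and follows symlinks) so the check below sees the real target.
    candidate = (base / cleaned).resolve()
    # Strict containment: the target must sit below the root, not be the root.
    if base not in candidate.parents:
        raise PathRejected(f"outside allowed root: {user_path!r}")
    return candidate


def check_requests(paths, root: Path = TEMPLATE_ROOT):
    """Return {path: bool} showing which inputs the validator accepts."""
    results = {}
    for p in paths:
        try:
            resolve_editable_path(p, root)
            results[p] = True
        except PathRejected:
            results[p] = False
    return results


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ["index.html", "blog/post.html", "../../etc/passwd",
               "/etc/passwd", "blog/../../secret.txt", "..\\..\\win.ini"]
    for path, ok in check_requests(samples).items():
        print(f"{'ALLOW' if ok else 'DENY '} {path}")
```

The check runs on the resolved path rather than on the raw string, so it does not depend on a blocklist of substrings that encoding or separator variants can slip past.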

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
