Skip to main content

Mrcms CVE-2024-24161

HIGH
Files or Directories Accessible to External Parties (CWE-552)
2024-02-02 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 02, 2024 - 16:15 nvd
HIGH 7.5

DescriptionNVD

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.

AnalysisAI

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-552. MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. Affected products include: Mrcms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Mrcms

View all
CVE-2024-48177 HIGH POC
8.8 Oct 28

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. Rated high severit

CVE-2024-25428 MEDIUM POC
6.5 Feb 20

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.

CVE-2025-25768 MEDIUM POC
5.4 Feb 21

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\D

CVE-2024-24160 MEDIUM POC
5.4 Feb 02

MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. Rated medium severity (CVSS

CVE-2025-4327 MEDIUM POC
5.3 May 06

A vulnerability was found in MRCMS 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

CVE-2025-4325 MEDIUM POC
4.8 May 06

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. Rated medium severity (CVSS 4.8), this vuln

CVE-2025-50581 MEDIUM POC
4.8 Jul 18

Stored cross-site scripting in MRCMS 3.1.2's admin group management endpoint allows an authenticated administrator to in

CVE-2025-25766 MEDIUM POC
4.8 Feb 21

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute ar

CVE-2025-4326 MEDIUM POC
4.8 May 06

A vulnerability was found in MRCMS 3.1.2 and classified as problematic.do of the component Add Fragment Page. Rated medi

CVE-2025-4324 MEDIUM POC
4.8 May 06

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), this v

CVE-2025-4323 MEDIUM POC
4.8 May 06

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), t

CVE-2025-4293 MEDIUM POC
4.8 May 05

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerabi

Share

CVE-2024-24161 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy