Skip to main content

Mrcms CVE-2024-25428

MEDIUM
SQL Injection (CWE-89)
2024-02-20 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 20, 2024 - 22:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.

AnalysisAI

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. Affected products include: Mrcms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

More in Mrcms

View all
CVE-2024-48177 HIGH POC
8.8 Oct 28

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. Rated high severit

CVE-2024-24161 HIGH POC
7.5 Feb 02

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not fil

CVE-2025-25768 MEDIUM POC
5.4 Feb 21

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\D

CVE-2024-24160 MEDIUM POC
5.4 Feb 02

MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. Rated medium severity (CVSS

CVE-2025-4327 MEDIUM POC
5.3 May 06

A vulnerability was found in MRCMS 3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable,

CVE-2025-4325 MEDIUM POC
4.8 May 06

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. Rated medium severity (CVSS 4.8), this vuln

CVE-2025-50581 MEDIUM POC
4.8 Jul 18

Stored cross-site scripting in MRCMS 3.1.2's admin group management endpoint allows an authenticated administrator to in

CVE-2025-25766 MEDIUM POC
4.8 Feb 21

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute ar

CVE-2025-4326 MEDIUM POC
4.8 May 06

A vulnerability was found in MRCMS 3.1.2 and classified as problematic.do of the component Add Fragment Page. Rated medi

CVE-2025-4324 MEDIUM POC
4.8 May 06

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), this v

CVE-2025-4323 MEDIUM POC
4.8 May 06

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Rated medium severity (CVSS 4.8), t

CVE-2025-4293 MEDIUM POC
4.8 May 05

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerabi

Share

CVE-2024-25428 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy