Mccms

5 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-51818 MEDIUM POC This Month

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Mccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-50234 MEDIUM POC This Week

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Microsoft SSRF Privilege Escalation +3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51651 MEDIUM POC This Month

A arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.

PHP Information Disclosure Mccms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-5328 MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mccms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-5327 MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-51818
EPSS 0% CVSS 5.4
MEDIUM POC This Month

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure +1
NVD GitHub
CVE-2025-50234
EPSS 0% CVSS 6.5
MEDIUM POC This Week

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Microsoft +5
NVD GitHub
CVE-2025-51651
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A arbitrary file access vulnerability in the component /admin/Backups.php of Mccms (CVSS 5.5) that allows attackers. Risk factors: public PoC available.

PHP Information Disclosure Mccms
NVD GitHub
CVE-2025-5328
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mccms
NVD GitHub VulDB
CVE-2025-5327
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy