Mrcms
Sign in to watchby Mrcms
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-31272 | Cri | 0.64 | 9.8 | 0.00 | Apr 7, 2026 | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication. | |
| CVE-2026-29909 | Med | 0.34 | 5.3 | 0.00 | Mar 30, 2026 | MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials. |