Mrcms
by Mrcms
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25428 | 0.00 | — | 0.00 | Feb 20, 2024 | SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. | |||
| CVE-2024-24161 | 0.00 | — | 0.01 | Feb 2, 2024 | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | |||
| CVE-2024-24160 | 0.00 | — | 0.00 | Feb 2, 2024 | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. |
- CVE-2024-25428Feb 20, 2024risk 0.00cvss —epss 0.00
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
- CVE-2024-24161Feb 2, 2024risk 0.00cvss —epss 0.01
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
- CVE-2024-24160Feb 2, 2024risk 0.00cvss —epss 0.00
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.
Page 2 of 2