CVE-2024-24161

7.5 HIGH

📋 TL;DR

MRCMS 3.0 contains an arbitrary file read vulnerability in the /admin/file/edit.do endpoint where the path parameter is not properly filtered. This allows authenticated attackers to read sensitive files from the server filesystem. Organizations running MRCMS 3.0 with the admin interface exposed are affected.

💻 Affected Systems

Products:
  • MRCMS
Versions: 3.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin authentication to access the vulnerable endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive configuration files, database credentials, SSH keys, or other critical system files, potentially leading to full system compromise.

🟠 Likely Case

Attackers with admin access could read application configuration files containing database credentials or other sensitive information.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the web application directory only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Implement server-side validation that restricts the path parameter to allowed directories only

Implement path traversal filters in the /admin/file/edit.do endpoint

Web Application Firewall Rule

Applies to: all

Block requests to the vulnerable endpoint that contain directory traversal sequences

WAF rule: Block requests to /admin/file/edit.do containing '../' or similar traversal patterns
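The two workarounds above differ in strength. The following is an added example, not MRCMS code, showing a server-side check of the kind the "Input Validation Filter" workaround describes next to a literal-pattern check of the kind the WAF rule describes. The allowed root directory (/var/www/mrcms/content) is an assumption; the page does not describe the CMS's file layout. The point it illustrates is that a literal '../' match misses percent-encoded variants, whereas canonicalising the path and testing that it stays under the allowed root does not.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical directory the file editor is allowed to serve; this is an assumption
# for the example, not a path taken from MRCMS.
ALLOWED_ROOT = "/var/www/mrcms/content"

TRAVERSAL_MARKERS = ("../", "..\\")


def waf_would_block(raw_param: str) -> bool:
    """Literal-pattern check, equivalent to the page's WAF rule.

    Only sees the bytes as they arrive, so an encoded '..%2F' passes it.
    """
    return any(marker in raw_param for marker in TRAVERSAL_MARKERS)


def resolve_within_root(user_path: str, root: str = ALLOWED_ROOT) -> Optional[str]:
    """Return the canonical file path if user_path stays inside root, else None.

    Steps:
      1. reject empty values and NUL bytes (which truncate paths in C-backed I/O)
      2. percent-decode twice so %2e%2e%2f and %252e%252e%252f are both normalised
      3. treat backslashes as separators so '..\\' is handled like '../'
      4. reject absolute paths (os.path.join would discard the root)
      5. resolve '..' segments and symlinks with realpath, then do the prefix test
    """
    if not user_path or "\x00" in user_path:
        return None
    decoded = unquote(unquote(user_path)).replace("\\", "/")
    if decoded.startswith("/"):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if candidate == root_real or candidate.startswith(root_real + os.sep):
        return candidate
    return None


if __name__ == "__main__":
    for value in ("pages/about.html", "../../etc/passwd", "..%2F..%2Fetc%2Fpasswd"):
        print(f"{value!r:32} waf_blocks={waf_would_block(value)!s:5} "
              f"resolved={resolve_within_root(value)}")
```

Run stand-alone it prints, for each sample value, whether the literal rule would have blocked it and what the canonical check resolves it to. The encoded sample is the one that shows the gap: the WAF rule lets it through, the canonical check returns None.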

🧯 If You Can't Patch

  • Restrict network access to admin interface using firewall rules
  • Implement strict access controls and monitor admin user activities

🔍 How to Verify

Check if Vulnerable:

Test authenticated access to /admin/file/edit.do with path traversal payloads like '../../etc/passwd'

Check Version:

Check MRCMS version in admin panel or configuration files

Verify Fix Applied:

Verify that path traversal attempts return error messages instead of file contents

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file read attempts
  • Requests to /admin/file/edit.do with unusual path parameters

Network Indicators:

  • HTTP requests containing directory traversal sequences to admin endpoints

SIEM Query:

web.url:*file/edit.do AND (web.uri:*../* OR web.uri:*..\*)
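The SIEM query above matches only literal '../' or '..\' in the URI, so percent-encoded traversal in the query string is not caught unless the log pipeline decodes URLs first. As an added example (not part of the original page), the script below applies the same detection logic to Apache-combined-format access log lines, decoding the query string before matching and counting hits per source address to surface the "multiple attempts" indicator. The log lines are constructed for the example and do not come from any real system.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import unquote, urlsplit

# Constructed sample log lines in Apache combined format (not from a real system).
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Jan/2024:10:00:01 +0000] "GET /admin/file/edit.do?path=pages/about.html HTTP/1.1" 200 1834
10.0.0.9 - admin [12/Jan/2024:10:00:07 +0000] "GET /admin/file/edit.do?path=../../etc/passwd HTTP/1.1" 200 2142
10.0.0.9 - admin [12/Jan/2024:10:00:09 +0000] "GET /admin/file/edit.do?path=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2142
10.0.0.9 - admin [12/Jan/2024:10:00:12 +0000] "GET /admin/file/edit.do?path=..\\..\\etc\\passwd HTTP/1.1" 500 0
10.0.0.7 - - [12/Jan/2024:10:01:00 +0000] "GET /index.do?page=../x HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

EDITOR_SUFFIX = "file/edit.do"


def is_traversal_to_editor(target: str) -> bool:
    """True if the request targets the file editor and its query carries traversal.

    Mirrors the SIEM query, but decodes the query string twice and treats
    backslashes as separators so encoded and Windows-style variants also match.
    """
    parts = urlsplit(target)
    if not parts.path.endswith(EDITOR_SUFFIX):
        return False
    decoded = unquote(unquote(parts.query)).replace("\\", "/")
    return "../" in decoded


def scan_log(log_text: str) -> Tuple[List[Dict[str, object]], Counter]:
    """Return matching requests and a per-source-IP hit count."""
    hits: List[Dict[str, object]] = []
    per_ip: Counter = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        if is_traversal_to_editor(m["target"]):
            hits.append({
                "ip": m["ip"],
                "user": m["user"],
                "status": int(m["status"]),
                "target": m["target"],
            })
            per_ip[m["ip"]] += 1
    return hits, per_ip


if __name__ == "__main__":
    found, by_ip = scan_log(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['ip']} user={hit['user']} status={hit['status']} {hit['target']}")
    for ip, n in by_ip.most_common():
        print(f"{ip}: {n} traversal request(s) to the file editor")
```

The request to /index.do is deliberately excluded: the indicator is traversal against the vulnerable editor endpoint, and matching '../' anywhere on the site would drown the alert in noise. A 200 response with a non-zero body on a matched request is the case worth escalating, since it suggests the read succeeded.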
