📦 Mrcms

MRCMS 3.1.2 contains a SQL injection vulnerability in the article deletion endpoint that allows attackers to execute arbitrary SQL commands. This affects administrators or users with access to the adm...

MRCMS 3.0 contains an arbitrary file read vulnerability in the /admin/file/edit.do endpoint where the path parameter is not properly filtered. This allows authenticated attackers to read sensitive fil...

MRCMS v3.1.2 contains a server-side template injection vulnerability in DispatcherServlet.java that allows attackers to execute arbitrary code on the server. This affects all systems running the vulne...

MRCMS v3.1.2 contains an arbitrary file write vulnerability in the /file/save.do component that allows attackers to write arbitrary files to the server. This affects all systems running MRCMS v3.1.2. ...