CVE-2025-25768

Medium CVSS: 5.4

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

Vendor

Mrcms

Product

Mrcms

CWE

CWE-77

Yayın Tarihi

2025-02-21 19:15:14

Güncelleme

2025-04-04 15:26:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Mrcms MEDIUM Mrcms 2025

Referanslar

https://flowus.cn/share/8838861d-0b32-4314-a13d-edb22b72cebc

Benzer Kayıtlar

Medium

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/f…

Medium

CVE-2025-50581

MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do…

Medium

CVE-2025-4327

A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The ma…

Medium

CVE-2025-4326

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of th…

Medium

CVE-2025-4325

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of…

Medium

CVE-2025-4324

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file…