CVE-2025-5328

Medium CVSS: 5.3

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Chshcms

Product

Mccms

CWE

CWE-22

Yayın Tarihi

2025-05-29 21:15:26

Güncelleme

2025-06-10 15:14:10

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-22 Mccms MEDIUM Chshcms 2025

Referanslar

https://github.com/caigo8/CVE-md/blob/main/Mccms_V2.7/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md https://vuldb.com/?ctiid.310498 https://vuldb.com/?id.310498 https://vuldb.com/?submit.582297 https://github.com/caigo8/CVE-md/blob/main/Mccms_V2.7/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md

Benzer Kayıtlar

Medium

CVE-2025-51818

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. This allows an attacker to execute ar…

Medium

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where…

Medium

CVE-2025-51651

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attack…

Medium

CVE-2025-5327

A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of t…