CVE-2026-29909

Medium CVSS: 5.3

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.

Vendor

Mrcms

Product

Mrcms

CWE

CWE-20

Yayın Tarihi

2026-03-30 17:16:15

Güncelleme

2026-04-02 17:11:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Mrcms MEDIUM Mrcms 2026

Referanslar

https://github.com/qflksheep/CVE-2026-29909-MRCMS-vulnerability/blob/main/README.md https://github.com/wuweiit/mushroom

Benzer Kayıtlar

Medium

CVE-2025-50581

MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do…

Medium

CVE-2025-4327

A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The ma…

Medium

CVE-2025-4326

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of th…

Medium

CVE-2025-4325

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of…

Medium

CVE-2025-4324

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file…

Medium

CVE-2025-4323

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unkn…