exploitDog

CVE-2024-46446

Опубликовано: 07 окт. 2024

Источник: nvd

CVSS3: 9.8

CVSS3: 9.1

EPSS Низкий

Описание

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.

Ссылки

http://mecha-cmscom.com
Broken Link
https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mecha-cms:mecha:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

9.8 Critical

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-xq72-m3h5-wf3q

CVSS3: 9.1

github

больше 1 года назад

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.

EPSS

Процентиль: 27%

0.00098

Низкий

9.8 Critical

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22

CWE-22