CVE Details
Basic Information
| Title | chshcms mccms Backups.php restore_del path traversal |
|---|---|
| Type | cve |
| Published | 2025-05-29T21:00:06.617Z |
| Last Seen |
Product Information
| Vendor | chshcms |
|---|---|
| Product | mccms |
| Version | 2.7 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A path traversal vulnerability in chshcms mccms 2.7 allows remote attackers to delete arbitrary files via the ‘dirs’ argument in the restore_del function of Backups.php. |
|---|---|
| AI Severity | Medium |
| Vendor | chshcms |
| Product | mccms |
| Affected Version | 2.7 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-22 |
| Bulletin Family | |
| Source Data | chshcms mccms 2.7 |
Source Information
| Source Data | chshcms mccms 2.7 |
|---|---|
| Source Link |
Description
A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)