Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mecha-cms mecha
|
|
CPEs | cpe:2.3:a:mecha-cms:mecha:3.0.0:*:*:*:*:*:*:* | |
Vendors & Products |
Mecha-cms mecha
|
Mon, 07 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mecha-cms
Mecha-cms mecha Cms |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:mecha-cms:mecha_cms:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mecha-cms
Mecha-cms mecha Cms |
|
Metrics |
cvssV3_1
|
Mon, 07 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-07T00:00:00
Updated: 2024-10-07T19:20:25.373Z
Reserved: 2024-09-11T00:00:00
Link: CVE-2024-46446
Vulnrichment
Updated: 2024-10-07T19:15:18.697Z
NVD
Status : Analyzed
Published: 2024-10-07T16:15:05.620
Modified: 2024-10-11T13:04:46.337
Link: CVE-2024-46446
Redhat
No data.