CVE-2025-51651
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-17
Assigner: MITRE
Description
Description
An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chshcms | mccms | 2.7 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authenticated arbitrary file download issue in the /admin/Backups.php component of Mccms version 2.7.0. It allows attackers who have authentication to craft a GET request that can download arbitrary files from the system.
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker to download sensitive or critical files from the server, potentially exposing confidential information or system data, which could lead to further exploitation or data breaches.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70