| Title | mrcms v3.1.2 vertical privilege escalation vulnerability |
|---|
| Description | There is a vertical privilege escalation vulnerability in MRCMS v3.1.2 at /admin/file/delete, which allows attackers to delete any website file without logging in by constructing a request. |
|---|
| Source | ⚠️ https://github.com/IceFoxH/VULN/issues/1 |
|---|
| User | icefoxh (UID 82165) |
|---|
| Submission | 02/28/2025 16:27 (1 Year ago) |
|---|
| Moderation | 03/11/2025 08:03 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 299218 [MRCMS 3.1.2 org.marker.mushroom.controller.FileController /admin/file/delete.do delete path/name path traversal] |
|---|
| Points | 16 |
|---|