
Qflksheep

#48024 of 53,639
5.3 CVSS total
Vulnerabilities · 1
PT-2026-29058
5.3
2026-03-30
Mrcms · Mrcms · CVE-2026-29909
**Name of the Vulnerable Software and Affected Versions**

MRCMS version 3.1.2

**Description**

The software contains an unauthenticated directory enumeration issue within the file management module. The `/admin/file/list.do` API endpoint does not have authentication checks or proper input validation, which allows remote attackers to list directory contents on the server without needing to log in. The vulnerable parameter is not specified.

**Recommendations**

Apply updates to address the issue in MRCMS version 3.1.2. As a temporary workaround, restrict access to the `/admin/file/list.do` API endpoint.