PT-2025-29491 · Mccms · Mccms
Published
2025-07-14
·
Updated
2025-07-14
·
CVE-2025-51651
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
Mccms version 2.7.0
Description:
An authenticated arbitrary file download issue exists in the
/admin/Backups.php component. Attackers can download arbitrary files by sending a crafted GET request.Recommendations:
Apply a fix for Mccms version 2.7.0 to address the arbitrary file download issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mccms