qflksheep/CVE-2026-29909-MRCMS-vulnerability
GitHub
Releases0
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The `/admin/file/list.do` endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 5.3 MEDIUM | — | ||
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials. | |||