CVE-2025-5328
Path traversal vulnerability in chshcms mccms 2.7
Overview
A critical vulnerability was identified in chshcms mccms 2.7. It is located in the restore_del function of the file /sys/apps/controllers/admin/Backups.php and allows path traversal. The attack can be initiated remotely and requires no user interaction.
Technical Details
The vulnerability stems from insufficient validation of the dirs argument of the restore_del function: a manipulated value traverses outside the intended backup directory, giving unauthorized access to other directories and files on the system. The vendor was contacted but did not respond.
CVSS Metrics
- baseScore: 5.4
- baseSeverity: MEDIUM
- attackVector: NETWORK
- attackComplexity: LOW
- attackRequirements: NONE
- privilegesRequired: LOW
- userInteraction: NONE
- scope: UNCHANGED
- confidentialityImpact: NONE
- integrityImpact: LOW
- availabilityImpact: LOW
- exploitabilityScore: 2.8
Impact
The vulnerability can lead to unauthorized access to files and data, compromising the integrity of the system.
Recommendations
Restrict and validate the input reaching restore_del, and limit the file system permissions on the directories and files it can reach so that they cannot be manipulated inappropriately.
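As an added illustration (not mccms code), the following is a containment check of the kind the recommendation calls for, applied to the dirs argument: the value is joined to a fixed backup root, canonicalized, and rejected unless it still resolves strictly inside that root. It is written in Python; BACKUP_ROOT and the sample inputs are constructed assumptions, and the same logic maps onto PHP's realpath(), which returns false for paths that do not exist.

```python
import os

# Constructed example, not mccms code. BACKUP_ROOT is a hypothetical directory
# that an admin backup controller's restore/delete handler may operate in.
BACKUP_ROOT = "/var/www/mccms/sys/backups"


def resolve_backup_dir(dirs: str, root: str = BACKUP_ROOT):
    """Return the canonical path for a user-supplied backup name, or None if
    the name escapes the backup root.

    The joined path is canonicalized (collapsing '..', '.', duplicate
    separators and, for existing components, symlinks) and must then still
    sit strictly inside root. Comparing against root plus a separator keeps a
    sibling such as '/var/www/mccms/sys/backups_old' from passing as a prefix.
    """
    if not dirs or "\x00" in dirs:
        return None
    root_real = os.path.realpath(root)
    # os.path.join discards root_real entirely when dirs is absolute,
    # so an absolute dirs value ends up outside root and is rejected below.
    candidate = os.path.realpath(os.path.join(root_real, dirs))
    if candidate == root_real:
        # Operating on the root itself would remove every backup at once.
        return None
    if not candidate.startswith(root_real + os.sep):
        return None
    return candidate


def is_allowed(dirs: str) -> bool:
    """Convenience wrapper: True only when dirs stays inside BACKUP_ROOT."""
    return resolve_backup_dir(dirs) is not None


if __name__ == "__main__":
    # Constructed sample values for the dirs argument.
    for sample in ["20250101", "../../sys/config", "/etc", "a/../b", ".", ""]:
        verdict = "allowed" if is_allowed(sample) else "rejected"
        print(f"{sample!r:22} -> {verdict}")
```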