CVE-2024-46446

Published: Oct 7, 2024

Modified: Oct 7, 2024

PUBLISHED

Description

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://mecha-cmscom.com

https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-46446

Description

Affected Products

References