CVE-2025-51651

Medium

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download…

mitre·CWE-598·Published 2025-07-14

CVSS

5.5

EPSS

0.00

KEV

Exploits

cve.orgen

178 chars

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.

NVDen

178 chars

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.

Una vulnerabilidad de descarga arbitraria de archivos autenticados en el componente /admin/Backups.php de Mccms v2.7.0 permite a los atacantes descargar archivos arbitrarios a través de una solicitud GET manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
3.1	Primary	cve.org	5.5	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
3.1	Secondary	NVD	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L