Home > Vulnerability Database > CVE-2024-46446

Mend.io Vulnerability Database

CVE-2024-46446

Date: October 6, 2024

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover.

Language: PHP

Severity Score

9.1

Related Resources (4)

Url: http://mecha-cmscom.com

Url: https://github.com/Sp1d3rL1/Mecha-cms-Arbitrary-File-Deletion-Vulnerability

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-46446

Url: https://www.mend.io/vulnerability-database/CVE-2024-46446

Severity Score

9.1

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-46446

Date: October 6, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?