MrCms Vertical Privilege Escalation Vulnerability Allowing Arbitrary User Deletion

Vulnerability

A vertical privilege escalation vulnerability has been identified in MrCms version 3.1.2, specifically within the UserController component. It allows an attacker to delete users arbitrarily by sending a crafted request, because the deletion function performs no permission validation: it executes as long as the supplied user ID exists in the system, without checking who is calling it. Unauthenticated callers can therefore perform user management that should be reserved for administrators.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of user accounts.

Reproduction

To reproduce this vulnerability, intercept the request made when clicking the 'Delete' button for a user. Sending that request without any session cookie still deletes the user, which demonstrates that the deletion process lacks proper authorization checks: any account can be removed as long as its ID is supplied.
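As an added illustration, not MrCms's own code, the following shows the shape of the defect the advisory describes beside a hardened handler. MrCms is a Java web application, so this is written as a Spring MVC controller; the class, route and UserService names are assumptions.

```java
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical persistence layer; these names are assumptions, not MrCms's own.
interface UserService {
    boolean exists(long id);
    String usernameOf(long id);
    void delete(long id);
}

@RestController
public class UserDeleteController {
    private final UserService userService;
    public UserDeleteController(UserService userService) {
        this.userService = userService;
    }

    // Vulnerable shape, as the advisory describes it: the only condition for deletion
    // is that the ID exists, so a request carrying no session cookie still succeeds.
    @DeleteMapping("/insecure/users/{id}")
    public ResponseEntity<Void> deleteInsecure(@PathVariable long id) {
        if (!userService.exists(id)) {
            return ResponseEntity.notFound().build();
        }
        userService.delete(id);
        return ResponseEntity.noContent().build();
    }

    // Hardened form: @PreAuthorize (needs @EnableMethodSecurity on a config class)
    // rejects anonymous and non-admin callers before the body runs; the body also
    // blocks self-deletion and writes an audit line naming the actor for detection.
    @PreAuthorize("hasRole('ADMIN')")
    @DeleteMapping("/users/{id}")
    public ResponseEntity<Void> deleteSecure(@PathVariable long id, Authentication auth) {
        if (!userService.exists(id)) {
            return ResponseEntity.notFound().build();
        }
        if (auth.getName().equals(userService.usernameOf(id))) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
        }
        userService.delete(id);
        System.out.printf("audit: user %d deleted by %s%n", id, auth.getName());
        return ResponseEntity.noContent().build();
    }
}
```

The check that matters is the one on the caller's identity and role, not on the existence of the target ID; a 401 or 403 on the cookieless replay described above is the expected result once the fix is in place.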

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.