MCCMS Arbitrary File Deletion Vulnerability in Backups.php Component

Vulnerability

An arbitrary file deletion vulnerability has been identified in MCCMS version 2.7.0, specifically within the Backups.php component. This vulnerability allows attackers to delete any file on the server, potentially leading to the execution of arbitrary commands.

Impact

Exploitation of this vulnerability can disrupt the normal operation of the application or the underlying operating system.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the backup management feature. Create a backup file, which will be listed in the interface. After the backup is created, use the provided option to delete the backup file. This action will trigger the vulnerability, as the deletion request can be manipulated to remove arbitrary files from the server.
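A containment check of the kind a backup-delete handler needs before it calls unlink(), shown as an added example that is not MCCMS code and not a vendor patch. The function names, the file-name rule and the assumption that backups sit directly in one directory are hypothetical.

```php
<?php
// Added example, not MCCMS code: resolve_backup_path() and delete_backup()
// are hypothetical helpers; the file-name rule is an assumption.

function resolve_backup_path(string $backupDir, string $requested): ?string
{
    // Accept a bare file name only: no separators, NUL bytes or leading dots.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $requested)) {
        return null;
    }
    $base = realpath($backupDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and dot-segments; false means no such file.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must still sit directly inside the backup directory.
    return dirname($target) === $base ? $target : null;
}

function delete_backup(string $backupDir, string $requested): bool
{
    $path = resolve_backup_path($backupDir, $requested);
    if ($path === null) {
        // Log rejected names so manipulated delete requests show up in review.
        error_log('backup delete rejected: ' . json_encode($requested));
        return false;
    }
    return unlink($path);
}

// Constructed demo in a temporary directory (all names are sample values).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'db_20250821.sql', '-- constructed');
var_dump(delete_backup($dir, 'db_20250821.sql'));   // name inside the directory
var_dump(delete_backup($dir, '../../index.php'));   // name pointing outside it
rmdir($dir);
```

The check runs on the canonical path rather than the submitted string, so a symlink placed in the backup directory that points elsewhere is rejected as well.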

Added: Aug 21, 2025, 2:22 PM
Updated: Aug 21, 2025, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.