An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mccms | Chshcms | 2.7 (including) | 2.7 (including) |