Product

mrcms

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31272
all versions
MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserContro
9.8 CRITICAL
CVE-2026-29909
all versions
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.d
5.3 MEDIUM
CVE-2025-50581
all versions
MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do.
4.8 MEDIUM
CVE-2025-4327
all versions
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation
4.3 MEDIUM
CVE-2025-4326
all versions
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /ad
2.4 LOW
CVE-2025-4325
all versions
A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /
2.4 LOW
CVE-2025-4324
all versions
A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/li
2.4 LOW
CVE-2025-4323
all versions
A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functi
2.4 LOW
CVE-2025-4293
all versions
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of th
2.4 LOW
CVE-2025-4292
all versions
A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown function
2.4 LOW
CVE-2025-2196
all versions
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function uplo
3.5 LOW
CVE-2025-2195
all versions
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admi
3.5 LOW
CVE-2025-2194
all versions
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/fi
3.5 LOW
CVE-2025-2193
all versions
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the fi
5.4 MEDIUM
CVE-2025-25768
all versions
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherS
5.4 MEDIUM
CVE-2025-25767
all versions
A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to
4.8 MEDIUM
CVE-2025-25766
all versions
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary co
4.8 MEDIUM
CVE-2025-25765
all versions
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do.
4.0 MEDIUM
CVE-2024-48177
all versions
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do.
8.8 HIGH
CVE-2024-25428
all versions
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
6.5 MEDIUM
CVE-2024-24161
all versions
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.
7.5 HIGH
CVE-2024-24160
all versions
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin