Use of GET Request Method With Sensitive Query Strings

CVE-2025-51651

Medium

5.5/10

Summary

An authenticated arbitrary file download vulnerability in the component /admin/Backups.php of Mccms v2.7.0 allows attackers to download arbitrary files via a crafted GET request.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-598 - Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

References

Advisory Timeline

Published Jul 14, 2025

Use of GET Request Method With Sensitive Query Strings

CVE-2025-51651

Summary

CWE-598 - Use of GET Request Method With Sensitive Query Strings

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS