CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46385

https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-46385

Mingsoft » Mcms » Version: 4.6.3

cpe:2.3:a:mingsoft:mcms:4.6.3
Mingsoft » Mcms » Version: 4.6.4

cpe:2.3:a:mingsoft:mcms:4.6.4
Mingsoft » Mcms » Version: 4.6.5

cpe:2.3:a:mingsoft:mcms:4.6.5
Mingsoft » Mcms » Version: 4.7.0

cpe:2.3:a:mingsoft:mcms:4.7.0
Mingsoft » Mcms » Version: 4.7.1

cpe:2.3:a:mingsoft:mcms:4.7.1
Mingsoft » Mcms » Version: 4.7.2

cpe:2.3:a:mingsoft:mcms:4.7.2
Mingsoft » Mcms » Version: 5.0

cpe:2.3:a:mingsoft:mcms:5.0
Mingsoft » Mcms » Version: 5.1

cpe:2.3:a:mingsoft:mcms:5.1
Mingsoft » Mcms » Version: 5.2

cpe:2.3:a:mingsoft:mcms:5.2
Mingsoft » Mcms » Version: 5.2.1

cpe:2.3:a:mingsoft:mcms:5.2.1
Mingsoft » Mcms » Version: 5.2.2

cpe:2.3:a:mingsoft:mcms:5.2.2
Mingsoft » Mcms » Version: 5.2.3

cpe:2.3:a:mingsoft:mcms:5.2.3
Mingsoft » Mcms » Version: 5.2.4

cpe:2.3:a:mingsoft:mcms:5.2.4
Mingsoft » Mcms » Version: 5.2.5

cpe:2.3:a:mingsoft:mcms:5.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46385

Products

Pricing

Contact Us