CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://github.com/UDKI11/vul/blob/main/Mcms%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0.docx
https://github.com/ming-soft/MCMS
https://github.com/UDKI11/vul/blob/main/Mcms%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0.docx
https://github.com/ming-soft/MCMS

Products affected by CVE-2022-27340

Mingsoft » Mcms » Version: 5.2.7

cpe:2.3:a:mingsoft:mcms:5.2.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27340

Products

Pricing

Contact Us