Mingsoft: Security Vulnerabilities
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-21
MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.
CVSS Score
8.1
EPSS Score
0.016
Published
2024-09-03
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.
CVSS Score
8.8
EPSS Score
0.013
Published
2024-02-05
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-01-16
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-30
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
CVSS Score
3.5
EPSS Score
0.062
Published
2023-07-28
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-08
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
CVSS Score
9.8
EPSS Score
0.036
Published
2023-04-04
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-01-26
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-21
Page 1