A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
CVSS Score
9.8
EPSS Score
0.181
Published
2022-01-21
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-21
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-01-21
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.023
Published
2022-01-21
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
CVSS Score
9.8
EPSS Score
0.027
Published
2022-01-21
Page 2