MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-02-21
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-02-21
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-02-21
MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-10-28
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
CVSS Score
6.5
EPSS Score
0.01
Published
2024-02-20
Page 2