Mingsoft: Security Vulnerabilities

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) vulnerability via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-04-22

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
CVSS Score: 9.8 | EPSS Score: 0.338 | Published: 2022-04-05

https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
CVSS Score: 9.8 | EPSS Score: 0.097 | Published: 2022-03-04

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
CVSS Score: 9.8 | EPSS Score: 0.828 | Published: 2022-03-03

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-03-03

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
CVSS Score: 9.8 | EPSS Score: 0.828 | Published: 2022-03-03

MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-02-18

MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
CVSS Score: 9.1 | EPSS Score: 0.107 | Published: 2022-02-18

MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2022-02-18

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.108 | Published: 2022-02-18

