Shodan
Vulnerabilities
Vulnerable Software
Mingsoft:  Security Vulnerabilities
CVE-2021-46063
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
CVSS Score
9.1
EPSS Score
0.107
Published
2022-02-18
CVE-2021-46037
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-02-18
CVE-2021-46036
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.108
Published
2022-02-18
CVE-2021-44868
A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
CVSS Score
9.8
EPSS Score
0.007
Published
2022-02-17
CVE-2021-46385
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-26
CVE-2021-46383
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-26
CVE-2021-46386
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
CVSS Score
9.8
EPSS Score
0.064
Published
2022-01-26
CVE-2022-22930
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
CVSS Score
9.8
EPSS Score
0.107
Published
2022-01-21
CVE-2022-23314
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-21
CVE-2022-23315
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-01-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved