Wangl1989: >> Mysiteforme >> 2022-12-19 Security Vulnerabilities
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-03-04
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-15
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-15
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-15
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-01-15
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-01-15