CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51282
https://notcve.org/view.php?id=CVE-2023-51282
16 Jan 2024 — An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. Un problema en mingSoft MCMS v.5.2.4 permite a un atacante remoto obtener información confidencial a través de un script manipulado para el parámetro de password. • https://gitee.com/mingSoft/MCMS/issues/I4Q4NV • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3990 – Mingsoft MCMS HTTP POST Request search.do cross site scripting
https://notcve.org/view.php?id=CVE-2023-3990
28 Jul 2023 — A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/mingSoft/MCMS/issues/I7K4DQ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22755
https://notcve.org/view.php?id=CVE-2020-22755
08 May 2023 — File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. • https://github.com/ming-soft/MCMS • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20913
https://notcve.org/view.php?id=CVE-2020-20913
04 Apr 2023 — SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. • https://github.com/ming-soft/MCMS/issues/27 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 22%CPEs: 1EXPL: 2CVE-2022-4375 – Mingsoft MCMS list sql injection
https://notcve.org/view.php?id=CVE-2022-4375
09 Dec 2022 — A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. • https://gitee.com/mingSoft/MCMS/issues/I61TG5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-707: Improper Neutralization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46384
https://notcve.org/view.php?id=CVE-2021-46384
04 Mar 2022 — https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. https://gitee.com/mingSoft/MCMS MCMS versiones anteriores a 5.2.5 incluyéndola, está afectado por: RCE. • https://gitee.com/mingSoft/MCMS/issues/I4QZ1O • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2022-25125
https://notcve.org/view.php?id=CVE-2022-25125
03 Mar 2022 — MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. Se ha detectado que MCMS versión v5.2.4, contiene una vulnerabilidad de inyección SQL por medio de search.do en el archivo /mdiy/dict/listExcludeApp • https://gitee.com/mingSoft/MCMS/issues/I4TGYI • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2022-23898
https://notcve.org/view.php?id=CVE-2022-23898
03 Mar 2022 — MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección SQL por medio del parámetro categoryId en el archivo IContentDao.xml • https://github.com/ming-soft/MCMS/issues/62 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23899
https://notcve.org/view.php?id=CVE-2022-23899
03 Mar 2022 — MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección SQL por medio de search.do en el archivo /web/MCmsAction.java • https://github.com/ming-soft/MCMS/issues/63 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 4CVE-2021-46063
https://notcve.org/view.php?id=CVE-2021-46063
18 Feb 2022 — MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) por medio del módulo de administración de plantillas • https://github.com/miguelc49/CVE-2021-46063-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •