CVE-2022-4375 – Mingsoft MCMS list sql injection
https://notcve.org/view.php?id=CVE-2022-4375
09 Dec 2022 — A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to SQL injection. It is possible to launch the attack remotely. • https://gitee.com/mingSoft/MCMS/issues/I61TG5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-707: Improper Neutralization •
CVE-2022-4350 – Mingsoft MCMS search.do cross site scripting
https://notcve.org/view.php?id=CVE-2022-4350
08 Dec 2022 — A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/mingSoft/MCMS/issues/I5MT8Y • CWE-707: Improper Neutralization •
CVE-2022-36599
https://notcve.org/view.php?id=CVE-2022-36599
16 Aug 2022 — Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists. • https://gitee.com/mingSoft/MCMS/issues/I5I1P5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-36272
https://notcve.org/view.php?id=CVE-2022-36272
16 Aug 2022 — Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. • https://github.com/ming-soft/MCMS/issues/97 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-31943
https://notcve.org/view.php?id=CVE-2022-31943
01 Jul 2022 — MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. • https://github.com/ming-soft/MCMS/issues/95 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-29647
https://notcve.org/view.php?id=CVE-2022-29647
31 May 2022 — An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. • https://gist.github.com/aaaahuia/f708c6c8a320e0f3afbb9247903c4670 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-30506
https://notcve.org/view.php?id=CVE-2022-30506
27 May 2022 — An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. • https://gitee.com/mingSoft/MCMS/issues/I56AID • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-30048
https://notcve.org/view.php?id=CVE-2022-30048
11 May 2022 — Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. • https://gitee.com/mingSoft/MCMS/issues/I54VG0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-30047
https://notcve.org/view.php?id=CVE-2022-30047
11 May 2022 — Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. • https://gitee.com/mingSoft/MCMS/issues/I54VLM • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-27466
https://notcve.org/view.php?id=CVE-2022-27466
02 May 2022 — MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. • https://github.com/ming-soft/MCMS/issues/90 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •