CVE-2021-46037
https://notcve.org/view.php?id=CVE-2021-46037
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. Se ha detectado que MCMS versión v5.2.4, contiene una vulnerabilidad de eliminación arbitraria de archivos por medio del componente /template/unzip.do • https://lycshub.github.io/2021/12/28/MCMS-vulnerabilities •
CVE-2021-46036
https://notcve.org/view.php?id=CVE-2021-46036
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. Una vulnerabilidad de carga arbitraria de archivos en el componente /ms/file/uploadTemplate.do de MCMS versión v5.2.4, permite a atacantes ejecutar código arbitrario • https://lycshub.github.io/2021/12/28/MCMS-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-46385
https://notcve.org/view.php?id=CVE-2021-46385
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. https://gitee.com/mingSoft/MCMS MCMS versiones anteriores a 5.2.5 incluyéndola, está afectado por: Inyección SQL. El impacto es: obtención de información confidencial (remota). • https://gitee.com/mingSoft/MCMS/issues/I4QZ1K • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-46383
https://notcve.org/view.php?id=CVE-2021-46383
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. https://gitee.com/mingSoft/MCMS MCMS versiones anteriores a 5.2.5 incluyéndola, está afectado por: Inyección SQL. El impacto es: obtención de información confidencial (remota). • https://gitee.com/mingSoft/MCMS/issues/I4QZ1I • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-46386
https://notcve.org/view.php?id=CVE-2021-46386
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. La vulnerabilidad en la carga de archivos en mingSoft MCMS a través de la versión 5.2.5, permite a los atacantes remotos ejecutar código arbitrario a través de un webshell jspx elaborado para net.mingsoft.basic.action.web.FileAction#upload • https://gitee.com/mingSoft/MCMS/issues/I4R0GW • CWE-434: Unrestricted Upload of File with Dangerous Type •