CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 4CVE-2021-46063
https://notcve.org/view.php?id=CVE-2021-46063
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) por medio del módulo de administración de plantillas • https://github.com/miguelc49/CVE-2021-46063-2 https://github.com/miguelc49/CVE-2021-46063-1 https://github.com/miguelc49/CVE-2021-46063-3 https://github.com/ming-soft/MCMS/issues/59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46062
https://notcve.org/view.php?id=CVE-2021-46062
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de eliminación arbitraria de archivos por medio del componente oldFileName • https://github.com/ming-soft/MCMS/issues/59 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46385
https://notcve.org/view.php?id=CVE-2021-46385
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. https://gitee.com/mingSoft/MCMS MCMS versiones anteriores a 5.2.5 incluyéndola, está afectado por: Inyección SQL. El impacto es: obtención de información confidencial (remota). • https://gitee.com/mingSoft/MCMS/issues/I4QZ1K • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46383
https://notcve.org/view.php?id=CVE-2021-46383
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database. https://gitee.com/mingSoft/MCMS MCMS versiones anteriores a 5.2.5 incluyéndola, está afectado por: Inyección SQL. El impacto es: obtención de información confidencial (remota). • https://gitee.com/mingSoft/MCMS/issues/I4QZ1I • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-46386
https://notcve.org/view.php?id=CVE-2021-46386
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. La vulnerabilidad en la carga de archivos en mingSoft MCMS a través de la versión 5.2.5, permite a los atacantes remotos ejecutar código arbitrario a través de un webshell jspx elaborado para net.mingsoft.basic.action.web.FileAction#upload • https://gitee.com/mingSoft/MCMS/issues/I4R0GW • CWE-434: Unrestricted Upload of File with Dangerous Type •