CVE-2022-36272
https://notcve.org/view.php?id=CVE-2022-36272
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. Se ha detectado que Mingsoft MCMS versión 5.2.8, contiene una vulnerabilidad de inyección SQL en /mdiy/page/verify URI por medio del parámetro fieldName. • https://github.com/ming-soft/MCMS/issues/97 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-31943
https://notcve.org/view.php?id=CVE-2022-31943
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. Se ha detectado que MCMS versión v5.2.8, contiene una vulnerabilidad de carga de archivos arbitraria • https://github.com/ming-soft/MCMS/issues/95 • CWE-434: Unrestricted Upload of File with Dangerous Type •