CVE-2022-30047
https://notcve.org/view.php?id=CVE-2022-30047
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in the /mdiy/dict/listExcludeApp URI via the orderBy parameter. • https://gitee.com/mingSoft/MCMS/issues/I54VLM • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27340
https://notcve.org/view.php?id=CVE-2022-27340
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) vulnerability via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. • https://github.com/UDKI11/vul/blob/main/Mcms%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0.docx https://github.com/ming-soft/MCMS • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-26585
https://notcve.org/view.php?id=CVE-2022-26585
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. • https://gitee.com/mingSoft/MCMS/issues/I4W1S9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46384
https://notcve.org/view.php?id=CVE-2021-46384
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. • https://gitee.com/mingSoft/MCMS/issues/I4QZ1O • CWE-306: Missing Authentication for Critical Function
CVE-2022-25125
https://notcve.org/view.php?id=CVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. • https://gitee.com/mingSoft/MCMS/issues/I4TGYI • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')