CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46384
https://notcve.org/view.php?id=CVE-2021-46384
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. https://gitee.com/mingSoft/MCMS MCMS versiones anteriores a 5.2.5 incluyéndola, está afectado por: RCE. • https://gitee.com/mingSoft/MCMS/issues/I4QZ1O • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-25125
https://notcve.org/view.php?id=CVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. Se ha detectado que MCMS versión v5.2.4, contiene una vulnerabilidad de inyección SQL por medio de search.do en el archivo /mdiy/dict/listExcludeApp • https://gitee.com/mingSoft/MCMS/issues/I4TGYI • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23899
https://notcve.org/view.php?id=CVE-2022-23899
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección SQL por medio de search.do en el archivo /web/MCmsAction.java • https://github.com/ming-soft/MCMS/issues/63 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2022-23898
https://notcve.org/view.php?id=CVE-2022-23898
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección SQL por medio del parámetro categoryId en el archivo IContentDao.xml • https://github.com/ming-soft/MCMS/issues/62 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 4CVE-2021-46063
https://notcve.org/view.php?id=CVE-2021-46063
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. Se ha detectado que MCMS versión v5.2.5, contiene una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) por medio del módulo de administración de plantillas • https://github.com/miguelc49/CVE-2021-46063-2 https://github.com/miguelc49/CVE-2021-46063-1 https://github.com/miguelc49/CVE-2021-46063-3 https://github.com/ming-soft/MCMS/issues/59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •