CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42991
https://notcve.org/view.php?id=CVE-2024-42991
03 Sep 2024 — MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. • https://gitee.com/mingSoft/MCMS/issues/IAHN9F • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33748
https://notcve.org/view.php?id=CVE-2024-33748
07 May 2024 — Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier. Vulnerabilidad de Cross-site scripting (XSS) en la función de búsqueda en MvnRepository MS Basic 2.1.18.3 y versiones anteriores. • https://github.com/Fr1ezy/Fr1ezy-ms-basic_XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22567
https://notcve.org/view.php?id=CVE-2024-22567
05 Feb 2024 — File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. La vulnerabilidad de carga de archivos en MCMS 5.3.5 permite a los atacantes cargar archivos arbitrarios mediante una solicitud POST manipulada en /ms/file/upload.do. • https://github.com/h3ak/MCMS-CVE-Request • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51282
https://notcve.org/view.php?id=CVE-2023-51282
16 Jan 2024 — An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. Un problema en mingSoft MCMS v.5.2.4 permite a un atacante remoto obtener información confidencial a través de un script manipulado para el parámetro de password. • https://gitee.com/mingSoft/MCMS/issues/I4Q4NV • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50578
https://notcve.org/view.php?id=CVE-2023-50578
30 Dec 2023 — Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. Se descubrió que Mingsoft MCMS v5.2.9 contiene una vulnerabilidad de inyección SQL a través del parámetro CategoryType en /content/list.do. • https://gitee.com/mingSoft/MCMS/issues/I8MAJK • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3990 – Mingsoft MCMS HTTP POST Request search.do cross site scripting
https://notcve.org/view.php?id=CVE-2023-3990
28 Jul 2023 — A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/mingSoft/MCMS/issues/I7K4DQ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22755
https://notcve.org/view.php?id=CVE-2020-22755
08 May 2023 — File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. • https://github.com/ming-soft/MCMS • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20913
https://notcve.org/view.php?id=CVE-2020-20913
04 Apr 2023 — SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. • https://github.com/ming-soft/MCMS/issues/27 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-47042
https://notcve.org/view.php?id=CVE-2022-47042
24 Jan 2023 — MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. Se descubrió que MCMS v5.2.10 y versiones anteriores contenían una vulnerabilidad de escritura de archivos arbitraria a través del componente ms/template/writeFileContent.do. • https://gitee.com/mingSoft/MCMS/issues/I6592F • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4640 – Mingsoft MCMS Article save cross site scripting
https://notcve.org/view.php?id=CVE-2022-4640
21 Dec 2022 — A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/mingSoft/MCMS/issues/I65KI5 • CWE-707: Improper Neutralization •