CVE-2023-51282
https://notcve.org/view.php?id=CVE-2023-51282
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. Un problema en mingSoft MCMS v.5.2.4 permite a un atacante remoto obtener información confidencial a través de un script manipulado para el parámetro de password. • https://gitee.com/mingSoft/MCMS/issues/I4Q4NV https://github.com/tanalala/CVE/blob/main/Code.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-50578
https://notcve.org/view.php?id=CVE-2023-50578
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. Se descubrió que Mingsoft MCMS v5.2.9 contiene una vulnerabilidad de inyección SQL a través del parámetro CategoryType en /content/list.do. • https://gitee.com/mingSoft/MCMS/issues/I8MAJK • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-3990 – Mingsoft MCMS HTTP POST Request search.do cross site scripting
https://notcve.org/view.php?id=CVE-2023-3990
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/mingSoft/MCMS/issues/I7K4DQ https://vuldb.com/?ctiid.235611 https://vuldb.com/?id.235611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22755
https://notcve.org/view.php?id=CVE-2020-22755
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. • https://github.com/ming-soft/MCMS https://github.com/ming-soft/MCMS/issues/42 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-20913
https://notcve.org/view.php?id=CVE-2020-20913
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. • https://github.com/ming-soft/MCMS/issues/27 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •