Product:

Mcms

(Mingsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 41
Date Id Summary Products Score Patch Annotated
2024-01-16 CVE-2023-51282 An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. Mcms 7.5
2024-02-05 CVE-2024-22567 File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. Mcms 8.8
2024-09-03 CVE-2024-42991 MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. Mcms N/A
2023-04-04 CVE-2020-20913 SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. Mcms 9.8
2023-05-08 CVE-2020-22755 File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. Mcms 8.8
2021-01-26 CVE-2020-23262 An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. Mcms 9.8
2022-01-21 CVE-2022-22928 MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. Mcms 9.8
2022-01-21 CVE-2022-22929 MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. Mcms 9.8
2022-01-21 CVE-2022-22930 A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. Mcms 9.8
2022-01-21 CVE-2022-23314 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. Mcms 9.8