Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mcms
(Mingsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 40 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-26 | CVE-2021-46386 | File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | Mcms | 9.8 | ||
| 2022-08-16 | CVE-2022-36272 | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. | Mcms | 9.8 | ||
| 2022-08-16 | CVE-2022-36599 | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists. | Mcms | 9.8 | ||
| 2022-02-18 | CVE-2021-46063 | MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | Mcms | 9.1 | ||
| 2022-03-04 | CVE-2021-46384 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ΒΆΒΆ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. | Mcms | 9.8 | ||
| 2022-07-01 | CVE-2022-31943 | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. | Mcms | 9.8 | ||
| 2022-06-02 | CVE-2022-30506 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | Mcms | 9.8 | ||
| 2022-06-02 | CVE-2022-29647 | An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | Mcms | 8.8 | ||
| 2022-05-11 | CVE-2022-30047 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | Mcms | 9.8 | ||
| 2022-05-11 | CVE-2022-30048 | Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | Mcms | 9.8 |