Product:

Mcms

(Mingsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 41
Date Id Summary Products Score Patch Annotated
2022-03-03 CVE-2022-23898 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. Mcms 9.8
2022-03-03 CVE-2022-23899 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. Mcms 9.8
2022-03-03 CVE-2022-25125 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. Mcms 9.8
2022-03-04 CVE-2021-46384 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ΒΆΒΆ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS. Mcms 9.8
2022-04-05 CVE-2022-26585 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. Mcms 9.8
2022-04-22 CVE-2022-27340 MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. Mcms 8.8
2022-05-02 CVE-2022-27466 MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. Mcms 9.8
2022-05-11 CVE-2022-30047 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. Mcms 9.8
2022-05-11 CVE-2022-30048 Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. Mcms 9.8
2022-06-02 CVE-2022-29647 An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. Mcms 8.8