Note: This project will be discontinued after December 13, 2021.

Product: Mcms (Mingsoft)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 41 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-26 | CVE-2021-46383 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | Mcms | 7.5 | ||
2022-01-26 | CVE-2021-46386 | File upload vulnerability in mingSoft MCMS through 5.2.5 allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. | Mcms | 9.8 | ||
2022-01-26 | CVE-2021-46385 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. | Mcms | 7.5 | ||
2022-02-17 | CVE-2021-44868 | A problem was found in ming-soft MCMS v5.1. There is a SQL injection vulnerability in /ms/cms/content/list.do. | Mcms | 9.8 | ||
2022-02-18 | CVE-2021-46036 | An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | Mcms | 9.8 | ||
2022-02-18 | CVE-2021-46037 | MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | Mcms | 8.1 | ||
2022-02-18 | CVE-2021-46062 | MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | Mcms | 7.1 | ||
2022-02-18 | CVE-2021-46063 | MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | Mcms | 9.1 | ||
2022-03-03 | CVE-2022-23898 | MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | Mcms | 9.8 | ||
2022-03-03 | CVE-2022-23899 | MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | Mcms | 9.8 | ||