Mingsoft

mingsoft

47 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Mcms

mcms

47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-29647 1Mingsoft 1Mcms Nov 21, 2024 Jun 2, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
CVE-2022-30048 1Mingsoft 1Mcms Nov 21, 2024 May 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
CVE-2022-30047 1Mingsoft 1Mcms Nov 21, 2024 May 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
CVE-2022-27466 1Mingsoft 1Mcms Nov 21, 2024 May 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVE-2022-27340 1Mingsoft 1Mcms Nov 21, 2024 Apr 22, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
CVE-2022-26585 1Mingsoft 1Mcms Nov 21, 2024 Apr 5, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
CVE-2021-46384 1Mingsoft 1Mcms Nov 21, 2024 Mar 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE v...Show more https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.Show less
CVE-2022-25125 1Mingsoft 1Mcms Nov 21, 2024 Mar 3, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
CVE-2022-23899 1Mingsoft 1Mcms Nov 21, 2024 Mar 3, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
CVE-2022-23898 1Mingsoft 1Mcms Nov 21, 2024 Mar 3, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
CVE-2021-46063 1Mingsoft 1Mcms Nov 21, 2024 Feb 18, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
CVE-2021-46062 1Mingsoft 1Mcms Nov 21, 2024 Feb 18, 2022 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
CVE-2021-46037 1Mingsoft 1Mcms Nov 21, 2024 Feb 18, 2022 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.
CVE-2021-46036 1Mingsoft 1Mcms Nov 21, 2024 Feb 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.
CVE-2021-44868 1Mingsoft 1Mcms Nov 21, 2024 Feb 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
CVE-2021-46385 1Mingsoft 1Mcms Nov 21, 2024 Jan 26, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is:...Show more https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.Show less
CVE-2021-46386 1Mingsoft 1Mcms Nov 21, 2024 Jan 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
CVE-2021-46383 1Mingsoft 1Mcms Nov 21, 2024 Jan 26, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or...Show more https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.Show less
CVE-2022-23315 1Mingsoft 1Mcms Nov 21, 2024 Jan 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.
CVE-2022-23314 1Mingsoft 1Mcms Nov 21, 2024 Jan 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

Previous 123 Next