Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mingsoft mcms vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2021-46062
MCMS v5.2.5 exists to contain an arbitrary file deletion vulnerability via the component oldFileName.
Mingsoft Mcms 5.2.5
9.1
CVSSv3
CVE-2021-46063
MCMS v5.2.5 exists to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Mingsoft Mcms 5.2.5
3 Github repositories
9.8
CVSSv3
CVE-2022-36272
Mingsoft MCMS 5.2.8 exists to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
Mingsoft Mcms 5.2.8
9.8
CVSSv3
CVE-2022-30506
An arbitrary file upload vulnerability exists in MCMS 5.2.7, allowing an malicious user to execute arbitrary code through a crafted ZIP file.
Mingsoft Mcms 5.2.7
6.1
CVSSv3
CVE-2022-4350
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit h...
Mingsoft Mcms 5.2.8
9.8
CVSSv3
CVE-2022-25125
MCMS v5.2.4 exists to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
Mingsoft Mcms 5.2.4
9.8
CVSSv3
CVE-2022-22928
MCMS v5.2.4 exists to have a hardcoded shiro-key, allowing malicious users to exploit the key and execute arbitrary code.
Mingsoft Mcms 5.2.4
9.8
CVSSv3
CVE-2022-22929
MCMS v5.2.4 exists to have an arbitrary file upload vulnerability in the New Template module, which allows malicious users to execute arbitrary code via a crafted ZIP file.
Mingsoft Mcms 5.2.4
9.8
CVSSv3
CVE-2022-22930
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows malicious users to execute arbitrary code via a crafted payload.
Mingsoft Mcms 5.2.4
9.8
CVSSv3
CVE-2021-44868
A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do
Mingsoft Mcms 5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4