Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mingsoft mcms 5.2.5 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-23898
MCMS v5.2.5 exists to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
Mingsoft Mcms 5.2.5
7.1
CVSSv3
CVE-2021-46062
MCMS v5.2.5 exists to contain an arbitrary file deletion vulnerability via the component oldFileName.
Mingsoft Mcms 5.2.5
9.1
CVSSv3
CVE-2021-46063
MCMS v5.2.5 exists to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Mingsoft Mcms 5.2.5
3 Github repositories
9.8
CVSSv3
CVE-2022-23899
MCMS v5.2.5 exists to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
Mingsoft Mcms 5.2.5
9.8
CVSSv3
CVE-2021-46386
File upload vulnerability in mingSoft MCMS up to and including 5.2.5, allows remote malicious users to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
Mingsoft Mcms
7.5
CVSSv3
CVE-2021-46383
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerab...
Mingsoft Mcms
7.5
CVSSv3
CVE-2021-46385
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vul...
Mingsoft Mcms
9.8
CVSSv3
CVE-2021-46384
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which ...
Mingsoft Mcms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started