MingSoft Mcms is a complete open source J2ee system from MingSoft, China. v5.2.4 of MingSoft Mcms contains a security vulnerability that stems from the lack of effective filtering of user-submitted data in the software’s template management function, which could be exploited by attackers to execute arbitrary code via a carefully designed payload.