MingSoft Mcms is a complete open source J2ee system from MingSoft. MCMS 5.2.5 and previous versions have a security vulnerability that originates from net.mingsoft.basic.action.web.EditorAction#editor missing for json data The vulnerability can be exploited for remote code execution.