Lucene search

[email protected]NVD:CVE-2022-4375

HistoryDec 09, 2022 - 8:15 a.m.

CVE-2022-4375

2022-12-0908:15:09

CWE-707

CWE-89

[email protected]

web.nvd.nist.gov

mingsoft mcms

5.2.9

critical

sql injection

remote attack

upgrade

vdb-215196

version 5.2.10

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.1%

JSON

A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.

Affected configurations

Nvd

Node

mingsoftmcmsRange<5.2.10

VendorProductVersionCPE
mingsoftmcms*cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mingsoft	mcms	*	cpe:2.3:a:mingsoft:mcms::::::::

References

gitee.com/mingSoft/MCMS/issues/I61TG5

vuldb.com/?id.215196

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.1%

JSON

Related for NVD:CVE-2022-4375

github1 cve1 osv1 prion1 cvelist1 veracode1