6 matches found
CVE-2025-56316
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via unsanitized input in the contenttitle parameter of the /cms/content/list endpoint during FreeMarker template rendering. An attacker can execute arbitrary SQL queries by supplying crafted input. Remediation: Upgrade...
CVE-2025-56316
MCMS 5.5.0 is vulnerable to SQL injection in the content_title parameter of /cms/content/list during FreeMarker template rendering. Exploitation allows arbitrary SQL via unsanitized input. Impact is high (CVE-2025-56316 family). Remediation: upgrade net.mingsoft:ms-mcms to 6.0.2+ (per Snyk entry)...
GHSA-MX3X-RMRH-9WF6 SQL injection in net.mingsoft:ms-mcms
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...
CVE-2022-26585
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...
CVE-2022-26585
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...