10 matches found
CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...
SQL Injection
net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...
GHSA-54WC-49QJ-5GHJ MCMS vulnerable SQL injection via the content_title parameter
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
EUVD-2025-34912
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
MCMS vulnerable SQL injection via the content_title parameter
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
CVE-2025-56316
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
CVE-2025-56316
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
MingSoft MCMS SQL注入漏洞
MCMS is China's Ming Fei MingSoft company a complete open source J2ee system . Ltd. MCMS v5.2.9 version of the SQL injection vulnerability , the vulnerability stems from /content/list.do in the categoryType parameter lack of external input SQL statement validation , an attacker can use the...
PT-2023-31596 · Mingsoft · Mingsoft Mcms
Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.9 Description: A SQL injection issue was discovered in Mingsoft MCMS via the categoryType parameter at the "/content/list.do" API endpoint. This allows for potential exploitation. Recommendations: For Mingsoft MCMS...
MingSoft MCMS SQL注入漏洞
MingSoft MCMS is a complete open source J2ee system from MingSoft, a Chinese company. mingsoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...