SQL Injection

net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...

EUVD-2025-34912

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via unsanitized input in the contenttitle parameter of the /cms/content/list endpoint during FreeMarker template rendering. An attacker can execute arbitrary SQL queries by supplying crafted input. Remediation Upgrade...

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.5.0, which stems from a FreeMarker template rendering without clearing the contenttitle parameter input, which could lead to a SQL injection attack...