EUVD-2026-16629

A weakness has been identified in mingSoft MCMS 迄 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to...

CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

CVE-2026-4953

CVE-2026-4953 affects mingSoft MCMS up to version 5.5.0, specifically the Editor Endpoint’s file net/mingsoft/cms/action/BaseAction.java and its catchImage function. Manipulating the argument catchimage can trigger server-side request forgery (SSRF) and is exploitable remotely. The exploit is pub...

PT-2026-28680

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

MingSoft MCMS SQL注入漏洞

MCMS is China's Ming Fei MingSoft company a complete open source J2ee system . Ltd. MCMS v5.2.9 version of the SQL injection vulnerability , the vulnerability stems from /content/list.do in the categoryType parameter lack of external input SQL statement validation , an attacker can use the...

PT-2023-27142 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS versions up to 5.3.1 Description: A problematic vulnerability has been found in Mingsoft MCMS, affecting an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style...

MingSoft MCMS 代码问题漏洞

MingSoft MCMS is a complete open-source J2ee system from China's MingSoft. A security vulnerability exists in MCMS version 5.0, which stems from a file upload vulnerability that allows an attacker to execute arbitrary code via a created thumbnail image...

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.2.9, which stems from the save function of its Article Handler component that allows an attacker to implement cross-site scripting...

CVE-2022-4375

A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2022-36599

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists...

MingSoft MCMS 代码问题漏洞

MCMS is a java-based development of a lightweight open source content management system . Jiangxi Mingsoft Technology Co., Ltd MCMS file upload vulnerability, an attacker can use the vulnerability to obtain control of the server...

CVE-2022-26585

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...

CVE-2021-46386

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...