Lucene search
K

12 matches found

EUVD
EUVD
added 2026/03/27 3:30 p.m.8 views

EUVD-2026-16629

A weakness has been identified in mingSoft MCMS 迄 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to...

7.5CVSS5.6AI score0.00278EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/27 2:13 p.m.27 views

CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/27 2:13 p.m.31 views

CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS0.00278EPSS
Exploits0References4
CVE
CVE
added 2026/03/27 2:13 p.m.19 views

CVE-2026-4953

CVE-2026-4953 affects mingSoft MCMS up to version 5.5.0, specifically the Editor Endpoint’s file net/mingsoft/cms/action/BaseAction.java and its catchImage function. Manipulating the argument catchimage can trigger server-side request forgery (SSRF) and is exploitable remotely. The exploit is pub...

7.5CVSS6.7AI score0.00278EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/30 12:0 a.m.4 views

MingSoft MCMS SQL注入漏洞

MCMS is China's Ming Fei MingSoft company a complete open source J2ee system . Ltd. MCMS v5.2.9 version of the SQL injection vulnerability , the vulnerability stems from /content/list.do in the categoryType parameter lack of external input SQL statement validation , an attacker can use the...

9.8CVSS7.8AI score0.02222EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.6 views

MingSoft MCMS 代码问题漏洞

MingSoft MCMS is a complete open-source J2ee system from China's MingSoft. A security vulnerability exists in MCMS version 5.0, which stems from a file upload vulnerability that allows an attacker to execute arbitrary code via a created thumbnail image...

8.8CVSS8.4AI score0.00924EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.3 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.2.9, which stems from the save function of its Article Handler component that allows an attacker to implement cross-site scripting...

5.4CVSS5.1AI score0.00408EPSS
Exploits1References3
OSV
OSV
added 2022/12/09 8:15 a.m.4 views

CVE-2022-4375

A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8CVSS5.6AI score0.0289EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.4 views

MingSoft MCMS 代码问题漏洞

MCMS is a java-based development of a lightweight open source content management system . Jiangxi Mingsoft Technology Co., Ltd MCMS file upload vulnerability, an attacker can use the vulnerability to obtain control of the server...

9.8CVSS5.6AI score0.02539EPSS
Exploits1References2
OSV
OSV
added 2022/04/05 1:15 a.m.4 views

CVE-2022-26585

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...

9.8CVSS7.3AI score0.05617EPSS
Exploits1References1
OSV
OSV
added 2022/01/26 5:15 p.m.4 views

CVE-2021-46386

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...

9.8CVSS7.6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/26 5:15 p.m.5 views

CVE-2021-46386

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...

9.8CVSS8.3AI score0.03111EPSS
Exploits1References2
Rows per page
Query Builder