Lucene search
K

234 matches found

CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a fully open-source J2EE system developed by MingSoft Corporation. Versions of MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the net/mingsoft/cms/action/web/ContentAction.java file, which may lead to SQL...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Versions of MingSoft MCMS 5.5.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the parameter “catchimage” in the file...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.10 views

PT-2026-28679

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28680

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.7 views

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

7.2CVSS5.3AI score0.00362EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/18 9:31 p.m.11 views

mingSoft MCMS does not properly restrict file uploads

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

7.2CVSS5.3AI score0.00362EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/18 9:31 p.m.4 views

GHSA-R9WP-QQ53-QVJX mingSoft MCMS does not properly restrict file uploads

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

5.1CVSS5.5AI score0.00362EPSS
Exploits1References6
OSV
OSV
added 2026/02/18 8:18 p.m.9 views

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

7.2CVSS5.5AI score0.00362EPSS
Exploits1References5
NVD
NVD
added 2026/02/18 8:18 p.m.14 views

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

7.2CVSS0.00362EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/18 8:2 p.m.6 views

CVE-2026-2666 mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

5.8CVSS5.3AI score0.00362EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/18 8:2 p.m.35 views

CVE-2026-2666 mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

5.8CVSS0.00362EPSS
Exploits1References5
CVE
CVE
added 2026/02/18 8:2 p.m.18 views

CVE-2026-2666

mingSoft MCMS 6.1.1 is affected. The vulnerability resides in the Template Archive Handler’s /ms/file/uploadTemplate.do where manipulating the File argument enables unrestricted file uploads, and the attack can be carried out remotely. Public exploit information exists. Impact is described consis...

7.2CVSS5.3AI score0.00362EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.53 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Version 6.1.1 of MingSoft MCMS contains a security vulnerability, which stems from incorrect handling of the File parameter in the file/ms/file/uploadTemplate.do file. This vulnerability could lead...

7.2CVSS5.9AI score0.00362EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.13 views

PT-2026-20494

Name of the Vulnerable Software and Affected Versions mingSoft MCMS version 6.1.1 Description A flaw exists in mingSoft MCMS 6.1.1 related to unrestricted file upload. The issue is located within the Template Archive Handler component, specifically in a function associated with the...

7.2CVSS4.9AI score0.00362EPSS
Exploits1References8
Veracode
Veracode
added 2025/12/13 5:12 a.m.19 views

SQL Injection

Mingsoft MCMS is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the /mdiy/model/delete URI, which allows an attacker to inject and execute arbitrary SQL commands...

9.8CVSS7.6AI score0.00873EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/12/13 4:43 a.m.10 views

Server-Side Template Injection (SSTI)

net.mingsoft, ms-mcms is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-supplied input in the Template Management module, which allows an attacker to inject and execute arbitrary template code on the server...

9.1CVSS7.7AI score0.02731EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2025/12/13 4:43 a.m.11 views

Remote Code Execution

Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...

9.8CVSS7.4AI score0.03111EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.6 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from reflective cross-site scripting and could lead to an attacker executing arbitrary Javascript in a user's browser environment...

6.1CVSS5.9AI score0.00184EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.6 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.5.0, which stems from a FreeMarker template rendering without clearing the contenttitle parameter input, which could lead to a SQL injection attack...

9.8CVSS7.4AI score0.0058EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.8 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from allowing the upload of specially crafted files and could lead to the execution of arbitrary code...

6.5CVSS7AI score0.00245EPSS
Exploits0References3
Rows per page
Query Builder