234 matches found
MingSoft MCMS 安全漏洞
MingSoft MCMS is a fully open-source J2EE system developed by MingSoft Corporation. Versions of MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the net/mingsoft/cms/action/web/ContentAction.java file, which may lead to SQL...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Versions of MingSoft MCMS 5.5.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the parameter “catchimage” in the file...
PT-2026-28679
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...
PT-2026-28680
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2026-2666
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
mingSoft MCMS does not properly restrict file uploads
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
GHSA-R9WP-QQ53-QVJX mingSoft MCMS does not properly restrict file uploads
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
CVE-2026-2666
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
CVE-2026-2666
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
CVE-2026-2666 mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
CVE-2026-2666 mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...
CVE-2026-2666
mingSoft MCMS 6.1.1 is affected. The vulnerability resides in the Template Archive Handler’s /ms/file/uploadTemplate.do where manipulating the File argument enables unrestricted file uploads, and the attack can be carried out remotely. Public exploit information exists. Impact is described consis...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Version 6.1.1 of MingSoft MCMS contains a security vulnerability, which stems from incorrect handling of the File parameter in the file/ms/file/uploadTemplate.do file. This vulnerability could lead...
PT-2026-20494
Name of the Vulnerable Software and Affected Versions mingSoft MCMS version 6.1.1 Description A flaw exists in mingSoft MCMS 6.1.1 related to unrestricted file upload. The issue is located within the Template Archive Handler component, specifically in a function associated with the...
SQL Injection
Mingsoft MCMS is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input in the /mdiy/model/delete URI, which allows an attacker to inject and execute arbitrary SQL commands...
Server-Side Template Injection (SSTI)
net.mingsoft, ms-mcms is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-supplied input in the Template Management module, which allows an attacker to inject and execute arbitrary template code on the server...
Remote Code Execution
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from reflective cross-site scripting and could lead to an attacker executing arbitrary Javascript in a user's browser environment...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.5.0, which stems from a FreeMarker template rendering without clearing the contenttitle parameter input, which could lead to a SQL injection attack...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from allowing the upload of specially crafted files and could lead to the execution of arbitrary code...