Lucene search
+L

234 matches found

CNVD
CNVD
added 2022/01/24 12:0 a.m.32 views

Unspecified Vulnerability in MingSoft Mcms

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...

9.8CVSS9.7AI score0.23694EPSS
Exploits1References1
OSV
OSV
added 2022/01/22 12:0 a.m.18 views

GHSA-77HH-P7R6-66PV Arbitrary File Upload in Mingsoft MCMS

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...

9.8CVSS9.7AI score0.02576EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/01/22 12:0 a.m.18 views

RCE in Mingsoft MCMS

A remote code execution RCE vulnerability in the Template Management function of MCMS allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS8.3AI score0.23694EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/01/22 12:0 a.m.10 views

GHSA-8WQ7-HHJJ-FPQV RCE in Mingsoft MCMS

A remote code execution RCE vulnerability in the Template Management function of MCMS allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS9.7AI score0.23694EPSS
Exploits1References3
OSV
OSV
added 2022/01/22 12:0 a.m.73 views

GHSA-FR5W-98MC-JJVG Arbitrary file upload in Mingsoft MCMS

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...

9.8CVSS9.7AI score0.01819EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/01/22 12:0 a.m.27 views

Arbitrary file upload in Mingsoft MCMS

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...

9.8CVSS7.4AI score0.01819EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/01/21 12:0 a.m.6 views

MingSoft Mcms 信任管理问题漏洞

MingSoft Mcms is a complete open source J2ee system from MingSoft, China. v5.2.4 of MingSoft Mcms contains a security vulnerability that stems from the existence of a hard-coded shiro-key in the software, which can be exploited by attackers to execute arbitrary code...

9.8CVSS6AI score0.025EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/21 12:0 a.m.8 views

MingSoft Mcms 代码问题漏洞

MingSoft Mcms is a complete open source J2ee system from MingSoft. A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of file restrictions and filters in the New Template module of the software, leading to an arbitrary file upload vulnerability that can be exploite...

9.8CVSS8.7AI score0.02576EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/21 12:0 a.m.4 views

MingSoft Mcms 安全漏洞

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...

9.8CVSS6.1AI score0.23694EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/21 12:0 a.m.6 views

MingSoft Mcms SQL注入漏洞

Mcms is a complete open source J2ee system from China MingFei MingSoft. mcms v5.2.4 version has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do for the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...

9.8CVSS5.8AI score0.01595EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.12 views

MingSoft Mcms 代码问题漏洞

MingSoft Mcms is a complete open source J2ee system from MingSoft. A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of file type restriction and filtering in the component ms template writeFileContent.do, resulting in an arbitrary file upload vulnerability...

9.8CVSS8.3AI score0.01819EPSS
Exploits1References2
CNVD
CNVD
added 2020/11/06 12:0 a.m.2 views

Jiangxi Minsoft Technology Co., Ltd. MCms foreground has a logic flaw vulnerability

Jiangxi Minsoft Technology Co., Ltd. business scope includes: information technology consulting services; Internet information services; computer software technology development and so on. Jiangxi MingSoft Technology Co., Ltd. MCms foreground there is a logic flaw vulnerability, an attacker can u...

6.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/11/01 2:48 p.m.71 views

Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...

9.8CVSS2.1AI score0.01205EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/10/30 6:0 a.m.77 views

CVE-2018-18830

MCMS 4.6.5 is affected by a flaw in com\mingsoft\basic\action\web\FileAction.java where the upload interface does not verify login status, allowing an attacker to upload JSP content disguised as a .png file and then coerce a suffix change to .jsp to access a stored path and execute arbitrary JSP ...

9.8CVSS9.7AI score0.01205EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder