234 matches found
Unspecified Vulnerability in MingSoft Mcms
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...
GHSA-77HH-P7R6-66PV Arbitrary File Upload in Mingsoft MCMS
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file...
RCE in Mingsoft MCMS
A remote code execution RCE vulnerability in the Template Management function of MCMS allows attackers to execute arbitrary code via a crafted payload...
GHSA-8WQ7-HHJJ-FPQV RCE in Mingsoft MCMS
A remote code execution RCE vulnerability in the Template Management function of MCMS allows attackers to execute arbitrary code via a crafted payload...
GHSA-FR5W-98MC-JJVG Arbitrary file upload in Mingsoft MCMS
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...
Arbitrary file upload in Mingsoft MCMS
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...
MingSoft Mcms 信任管理问题漏洞
MingSoft Mcms is a complete open source J2ee system from MingSoft, China. v5.2.4 of MingSoft Mcms contains a security vulnerability that stems from the existence of a hard-coded shiro-key in the software, which can be exploited by attackers to execute arbitrary code...
MingSoft Mcms 代码问题漏洞
MingSoft Mcms is a complete open source J2ee system from MingSoft. A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of file restrictions and filters in the New Template module of the software, leading to an arbitrary file upload vulnerability that can be exploite...
MingSoft Mcms 安全漏洞
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of effective filtering of user-submitted data in the software's template management function, and can be exploited by an...
MingSoft Mcms SQL注入漏洞
Mcms is a complete open source J2ee system from China MingFei MingSoft. mcms v5.2.4 version has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do for the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...
MingSoft Mcms 代码问题漏洞
MingSoft Mcms is a complete open source J2ee system from MingSoft. A security vulnerability exists in MingSoft Mcms v5.2.4, which stems from the lack of file type restriction and filtering in the component ms template writeFileContent.do, resulting in an arbitrary file upload vulnerability...
Jiangxi Minsoft Technology Co., Ltd. MCms foreground has a logic flaw vulnerability
Jiangxi Minsoft Technology Co., Ltd. business scope includes: information technology consulting services; Internet information services; computer software technology development and so on. Jiangxi MingSoft Technology Co., Ltd. MCms foreground there is a logic flaw vulnerability, an attacker can u...
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...
CVE-2018-18830
MCMS 4.6.5 is affected by a flaw in com\mingsoft\basic\action\web\FileAction.java where the upload interface does not verify login status, allowing an attacker to upload JSP content disguised as a .png file and then coerce a suffix change to .jsp to access a stored path and execute arbitrary JSP ...