Lucene search
K

234 matches found

vulnersOsv
vulnersOsv
added 2024/05/07 6:30 p.m.13 views

net.mingsoft:ms-ad (=1.0.0), net.mingsoft:ms-clean (>=1.0.0 <=1.0.1) +23 more potentially affected by CVE-2024-33748 via net.mingsoft:ms-basic (>=1.0.10 <=2.1.13.1)

net.mingsoft:ms-basic MAVEN version =1.0.10, =1.0.0, =1.0.4, =1.0.0, =4.6.3-SNAPSHOTS, =1.0.0, =1.0.4, =1.0.0, =1.0.1, =1.0.1, =1.0.2 and more Source cves: CVE-2024-33748 Source advisory: OSV:GHSA-64CM-3CJ3-67HF...

4.1CVSS5.8AI score0.0036EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.7 views

PT-2024-25461 · Unknown · Mvnrepository Ms Basic +1

Name of the Vulnerable Software and Affected Versions: MvnRepository MS Basic versions 2.1.18.3 and earlier Maven net.mingsoft MS Basic versions 2.1.13.4 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability in the search function. This type of vulnerability...

4.1CVSS6.1AI score0.0036EPSS
Exploits0References6
Veracode
Veracode
added 2024/02/06 2:59 p.m.16 views

Arbitrary File Upload

mingSoft is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation when uploading files within the following POST request /ms/file/upload.do. This issue can be exploited by an attacker to upload arbitrary files...

8.8CVSS6.9AI score0.17789EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

MingSoft MCMS Security Vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.3.5, which stems from a file upload vulnerability that allows an attacker to upload arbitrary files via a crafted POST request...

8.8CVSS7AI score0.17789EPSS
Exploits1References2
OSV
OSV
added 2024/01/16 3:30 a.m.14 views

GHSA-H57W-VH34-F8CW Code injection in mingSoft MCMS

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...

7.5CVSS7.3AI score0.01119EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/01/16 3:30 a.m.23 views

Code injection in mingSoft MCMS

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...

7.5CVSS6.5AI score0.01119EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/01/16 2:15 a.m.22 views

CVE-2023-51282

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...

7.5CVSS7.3AI score0.01119EPSS
Exploits1References2
OSV
OSV
added 2024/01/16 2:15 a.m.5 views

CVE-2023-51282

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/16 12:0 a.m.2 views

CVE-2023-51282

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...

7.3AI score0.01119EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.6 views

MingSoft MCMS Security Vulnerability

MingSoft MCMS is a complete open source J2ee system from China-based MingSoft. A security vulnerability exists in MingSoft MCMS version v.5.2.4, which originated from a vulnerability that allows remote attackers to obtain sensitive information via a carefully crafted script...

7.5CVSS6.5AI score0.01119EPSS
Exploits1References3
CVE
CVE
added 2024/01/16 12:0 a.m.53 views

CVE-2023-51282

CVE-2023-51282 affects mingSoft MCMS v5.2.4. The issue allows a remote attacker to obtain sensitive information by sending a crafted script to the password parameter, with a CVSS v3.1 base score of 7.5 (HIGH) and network attack Vector, low attack complexity, no privileges required, no user intera...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/15 12:0 a.m.6 views

PT-2024-14082 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: mingSoft MCMS version 5.2.4 Description: An issue in mingSoft MCMS allows a remote attacker to obtain sensitive information via a crafted script to the password parameter. Recommendations: For mingSoft MCMS version 5.2.4, consider restricting...

7.5CVSS7.2AI score0.01119EPSS
Exploits1References7
OSV
OSV
added 2023/12/30 6:30 p.m.10 views

GHSA-3VVH-8C65-32J4 Mingsoft MCMS SQL injection

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

8.8CVSS9.8AI score0.02222EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/12/30 6:30 p.m.26 views

Mingsoft MCMS SQL injection

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

9.8CVSS8.3AI score0.02222EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/30 4:15 p.m.11 views

CVE-2023-50578

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

9.8CVSS7.4AI score0.02222EPSS
Exploits1References3
NVD
NVD
added 2023/12/30 4:15 p.m.17 views

CVE-2023-50578

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

9.8CVSS0.02222EPSS
Exploits1References1
Prion
Prion
added 2023/12/30 4:15 p.m.17 views

Sql injection

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

7.5CVSS8.5AI score0.02222EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.5 views

PT-2023-31596 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.9 Description: A SQL injection issue was discovered in Mingsoft MCMS via the categoryType parameter at the "/content/list.do" API endpoint. This allows for potential exploitation. Recommendations: For Mingsoft MCMS...

9.8CVSS7.5AI score0.02222EPSS
Exploits1References10
OSV
OSV
added 2023/12/30 12:0 a.m.15 views

CVE-2023-50578

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

9.8CVSS9.8AI score0.02222EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/12/30 12:0 a.m.10 views

CVE-2023-50578

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...

8.2AI score0.02222EPSS
Exploits1References1
Rows per page
Query Builder