234 matches found
net.mingsoft:ms-ad (=1.0.0), net.mingsoft:ms-clean (>=1.0.0 <=1.0.1) +23 more potentially affected by CVE-2024-33748 via net.mingsoft:ms-basic (>=1.0.10 <=2.1.13.1)
net.mingsoft:ms-basic MAVEN version =1.0.10, =1.0.0, =1.0.4, =1.0.0, =4.6.3-SNAPSHOTS, =1.0.0, =1.0.4, =1.0.0, =1.0.1, =1.0.1, =1.0.2 and more Source cves: CVE-2024-33748 Source advisory: OSV:GHSA-64CM-3CJ3-67HF...
PT-2024-25461 · Unknown · Mvnrepository Ms Basic +1
Name of the Vulnerable Software and Affected Versions: MvnRepository MS Basic versions 2.1.18.3 and earlier Maven net.mingsoft MS Basic versions 2.1.13.4 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability in the search function. This type of vulnerability...
Arbitrary File Upload
mingSoft is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation when uploading files within the following POST request /ms/file/upload.do. This issue can be exploited by an attacker to upload arbitrary files...
MingSoft MCMS Security Vulnerability
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.3.5, which stems from a file upload vulnerability that allows an attacker to upload arbitrary files via a crafted POST request...
GHSA-H57W-VH34-F8CW Code injection in mingSoft MCMS
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...
Code injection in mingSoft MCMS
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...
CVE-2023-51282
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...
CVE-2023-51282
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...
CVE-2023-51282
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter...
MingSoft MCMS Security Vulnerability
MingSoft MCMS is a complete open source J2ee system from China-based MingSoft. A security vulnerability exists in MingSoft MCMS version v.5.2.4, which originated from a vulnerability that allows remote attackers to obtain sensitive information via a carefully crafted script...
CVE-2023-51282
CVE-2023-51282 affects mingSoft MCMS v5.2.4. The issue allows a remote attacker to obtain sensitive information by sending a crafted script to the password parameter, with a CVSS v3.1 base score of 7.5 (HIGH) and network attack Vector, low attack complexity, no privileges required, no user intera...
PT-2024-14082 · Mingsoft · Mingsoft Mcms
Name of the Vulnerable Software and Affected Versions: mingSoft MCMS version 5.2.4 Description: An issue in mingSoft MCMS allows a remote attacker to obtain sensitive information via a crafted script to the password parameter. Recommendations: For mingSoft MCMS version 5.2.4, consider restricting...
GHSA-3VVH-8C65-32J4 Mingsoft MCMS SQL injection
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...
Mingsoft MCMS SQL injection
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...
CVE-2023-50578
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...
CVE-2023-50578
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...
Sql injection
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...
PT-2023-31596 · Mingsoft · Mingsoft Mcms
Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.9 Description: A SQL injection issue was discovered in Mingsoft MCMS via the categoryType parameter at the "/content/list.do" API endpoint. This allows for potential exploitation. Recommendations: For Mingsoft MCMS...
CVE-2023-50578
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...
CVE-2023-50578
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do...