3 matches found
CVE-2025-56316
A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via unsanitized input in the contenttitle parameter of the /cms/content/list endpoint during FreeMarker template rendering. An attacker can execute arbitrary SQL queries by supplying crafted input. Remediation: Upgrade...
CVE-2025-56316
MCMS 5.5.0 is vulnerable to SQL injection in the content_title parameter of /cms/content/list during FreeMarker template rendering. Exploitation allows arbitrary SQL via unsanitized input. Impact is high (CVE-2025-56316 family). Remediation: upgrade net.mingsoft:ms-mcms to 6.0.2+ (per Snyk entry)...