
30 matches found

RedhatCVE
added 2026/01/09 12:14 p.m. · 4 views

CVE-2018-9993

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/ page aka a news center page...

CVSS 4.8 · AI score 5.9 · EPSS 0.00235
Exploits: 1 · References: 1

Veracode
added 2025/10/27 11:31 a.m. · 3 views

SQL Injection

net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...

CVSS 9.8 · AI score 7.8 · EPSS 0.00156
Exploits: 1 · References: 4 · Affected Software: 1

EUVD
added 2025/10/17 9:31 p.m. · 1 view

EUVD-2025-34912

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

AI score 8 · EPSS 0.00156
Exploits: 1 · References: 3

OSV
added 2025/10/17 9:31 p.m. · 2 views

GHSA-54WC-49QJ-5GHJ MCMS vulnerable SQL injection via the content_title parameter

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

CVSS 9.8 · AI score 8.6 · EPSS 0.00156
Exploits: 1 · References: 4

GitHub Security Blog
added 2025/10/17 9:31 p.m. · 5 views

MCMS vulnerable SQL injection via the content_title parameter

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

CVSS 9.8 · AI score 8.6 · EPSS 0.00156
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2025/10/17 7:15 p.m. · 1 view

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

CVSS 9.8 · AI score 8.6
Exploits: 0 · References: 2

NVD
added 2025/10/17 7:15 p.m. · 1 view

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

CVSS 9.8 · EPSS 0.00156
Exploits: 1 · References: 2

Snyk
added 2025/10/17 6:43 p.m. · 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via unsanitized input in the contenttitle parameter of the /cms/content/list endpoint during FreeMarker template rendering. An attacker can execute arbitrary SQL queries by supplying crafted input. Remediation: Upgrade...

CVSS 9.8 · AI score 8.3 · EPSS 0.00156
Exploits: 1 · References: 2

CVE
added 2025/10/17 12:00 a.m. · 22 views

CVE-2025-56316

MCMS 5.5.0 is vulnerable to SQL injection in the content_title parameter of /cms/content/list during FreeMarker template rendering. Exploitation allows arbitrary SQL via unsanitized input. Impact is high (CVE-2025-56316 family). Remediation: upgrade net.mingsoft:ms-mcms to 6.0.2+ (per Snyk entry)...

CVSS 9.8 · AI score 8.1 · EPSS 0.00156
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/10/17 12:00 a.m. · 1 view

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

AI score 8.1 · EPSS 0.00156
Exploits: 1 · References: 2

Cvelist
added 2025/10/17 12:00 a.m. · 4 views

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

EPSS 0.00156
Exploits: 1 · References: 2

CNNVD
added 2025/10/17 12:00 a.m. · 3 views

MingSoft MCMS security vulnerability

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.5.0, which stems from a FreeMarker template rendering without clearing the contenttitle parameter input, which could lead to a SQL injection attack...

CVSS 9.8 · AI score 7.4 · EPSS 0.00156
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-21585

Malware in sbrugna...

CVSS 4.8 · AI score 5.1 · EPSS 0.00235
Exploits: 1 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2009-1248

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00256
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2012-2690

Malware in sbrugna...

CVSS 2.6 · AI score 6.4 · EPSS 0.00295
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2012-2887

Malware in sbrugna...

CVSS 2.6 · AI score 6.4 · EPSS 0.0058
Exploits: 0 · References: 9

Positive Technologies
added 2025/08/25 12:00 a.m. · 1 view

PT-2025-34720 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions prior to 3.5.1. Description: A security vulnerability has been detected in mtons mblog. The vulnerability affects unknown code within the /post/submit file of the Post Handler component. Manipulation of the content/title...

CVSS 5.4 · AI score 3.9 · EPSS 0.00071
Exploits: 1 · References: 11

RedhatCVE
added 2025/05/22 8:50 p.m. · 1 view

CVE-2021-4369

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

CVSS 5.8 · AI score 5.9 · EPSS 0.00186
Exploits: 1 · References: 1

Positive Technologies
added 2023/01/04 12:00 a.m. · 1 view

PT-2023-9887 · Unknown · Gesellix Titlelink

Name of the Vulnerable Software and Affected Versions: gesellix titlelink affected versions not specified. Description: A critical issue was found in gesellix titlelink on Joomla, affecting an unknown functionality of the file plugin content title.php. The manipulation of the phrase argument leads...

CVSS 9.8 · AI score 8.4 · EPSS 0.00297
Exploits: 0 · References: 5

CNNVD
added 2022/12/28 12:00 a.m. · 1 view

Pomash cross-site scripting vulnerability

Pomash is a lightweight blogging system by the individual developer of JmPotato. Pomash suffers from a cross-site scripting vulnerability that stems from incorrect manipulation of the parameters article.title/content.title/article.tag leading to cross-site scripting...

CVSS 6.1 · AI score 4.2 · EPSS 0.00311
Exploits: 0 · References: 4