2 matches found
Mingsoft MCMS - SQL Injection
SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...
CVE-2022-4375
CVE-2022-4375 affects Mingsoft MCMS up to version 5.2.9. The vulnerability is a SQL injection in the /cms/category/list endpoint caused by improper handling of the sqlWhere parameter, allowing remote exploitation. Multiple connected sources confirm the issue and its impact, with upgrade to versio...