
12 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-0735

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01543
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-4463

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.8, EPSS 0.00572
Exploits 0, References 3

GitHub Security Blog
added 2018/11/01 2:47 p.m., 28 views

Path Traversal in minsoft:ms-mcms

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ Directory Traversal in the url parameter...

CVSS 7.5, AI score 4.8, EPSS 0.01543
Exploits 0, References 3, Affected Software 1

Prion
added 2018/10/30 6:29 a.m., 17 views

Design/Logic Flaw

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...

CVSS 7.5, AI score 9.6, EPSS 0.01205
Exploits 0, References 1, Affected Software 1

NVD
added 2018/10/30 6:29 a.m., 13 views

CVE-2018-18830

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...

CVSS 9.8, AI score 9.7, EPSS 0.01205
Exploits 0, References 1

NVD
added 2018/10/30 6:29 a.m., 19 views

CVE-2018-18831

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ Directory Traversal in the url parameter...

CVSS 7.5, AI score 7.5, EPSS 0.01543
Exploits 0, References 1

CVE
added 2018/10/30 6:0 a.m., 75 views

CVE-2018-18831

The CVE-2018-18831 issue affects MCMS 4.6.5, specifically in com\mingsoft\cms\action\GeneraterAction.java. An attacker can exploit a directory traversal via the position parameter in the url to write a .jsp file to an arbitrary directory, enabling arbitrary file write. The connected advisories de...

CVSS 7.5, AI score 7.4, EPSS 0.01543
Exploits 0, References 1, Affected Software 1

CVE
added 2018/10/30 6:0 a.m., 77 views

CVE-2018-18830

MCMS 4.6.5 is affected by a flaw in com\mingsoft\basic\action\web\FileAction.java where the upload interface does not verify login status, allowing an attacker to upload JSP content disguised as a .png file and then coerce a suffix change to .jsp to access a stored path and execute arbitrary JSP ...

CVSS 9.8, AI score 9.7, EPSS 0.01205
Exploits 0, References 1, Affected Software 1

Cvelist
added 2018/10/30 6:0 a.m., 16 views

CVE-2018-18830

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercep...

AI score 9.8, EPSS 0.01205
Exploits 0, References 1

Prion
added 2018/09/23 6:29 p.m., 19 views

Cross site request forgery (csrf)

An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...

CVSS 6.8, AI score 8.6, EPSS 0.00572
Exploits 0, References 1, Affected Software 1

NVD
added 2018/09/23 6:29 p.m., 23 views

CVE-2018-17366

An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...

CVSS 8.8, AI score 8.7, EPSS 0.00572
Exploits 0, References 1

Cvelist
added 2018/09/23 6:0 p.m., 20 views

CVE-2018-17366

An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...

AI score 8.7, EPSS 0.00572
Exploits 0, References 1