CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...

CVE-2022-31943

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability...

CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery CSRF via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data...

CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...

CVE-2021-44868

A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do...

CVE-2022-22928

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code...