CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

180 matches found

OSV•added 2022/12/09 9:30 a.m.•23 views

GHSA-HC5G-XF64-J49J Mingsoft MCMS vulnerable to SQL Injection

A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8CVSS8.2AI score0.26228EPSS

Exploits1References4

Github Security Blog•added 2022/12/09 9:30 a.m.•16 views

Mingsoft MCMS vulnerable to SQL Injection

9.8CVSS9.6AI score0.26228EPSS

Exploits1References4Affected Software1

NVD•added 2022/12/09 8:15 a.m.•11 views

CVE-2022-4375

9.8CVSS0.26228EPSS

Exploits1References2

Prion•added 2022/12/09 8:15 a.m.•14 views

Sql injection

7.5CVSS9.8AI score0.26228EPSS

Exploits1References2Affected Software1

Cvelist•added 2022/12/09 12:0 a.m.•13 views

CVE-2022-4375 Mingsoft MCMS list sql injection

6.3CVSS10AI score0.26228EPSS

Exploits1References2

Positive Technologies•added 2022/12/09 12:0 a.m.•2 views

PT-2022-27022 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS versions up to 5.2.9 Description: A critical issue has been found, affecting an unknown function of the file /cms/category/list. The manipulation of the sqlWhere argument leads to sql injection, allowing for remote attacks...

9.8CVSS9.5AI score0.26228EPSS

Exploits1References7

CNNVD•added 2022/12/09 12:0 a.m.•1 views

Mingsoft MCMS SQL注入漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A SQL injection vulnerability exists in MingSoft MCMS versions prior to 5.2.9, which stems from incorrect manipulation of the parameter sqlWhere resulting in sql injection...

9.8CVSS8.5AI score0.26228EPSS

Exploits1References3

CVE•added 2022/12/09 12:0 a.m.•76 views

CVE-2022-4375

CVE-2022-4375 affects Mingsoft MCMS up to version 5.2.9. The vulnerability is a SQL injection in the /cms/category/list endpoint caused by improper handling of the sqlWhere parameter, allowing remote exploitation. Multiple connected sources confirm the issue and its impact, with upgrade to versio...

9.8CVSS8.3AI score0.26228EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2022/12/09 12:0 a.m.•4 views

CVE-2022-4375 Mingsoft MCMS list sql injection

6.3CVSS7.1AI score0.26228EPSS

Exploits1References2

Github Security Blog•added 2022/12/08 12:30 p.m.•17 views

Mingsoft MCMS vulnerable to Cross-site Scripting

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument contenttitle leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed ...

6.1CVSS6AI score0.00177EPSS

Exploits1References4Affected Software1

OSV•added 2022/12/08 12:30 p.m.•12 views

GHSA-P46C-M4J7-MJVQ Mingsoft MCMS vulnerable to Cross-site Scripting

6.1CVSS4.7AI score0.00177EPSS

Exploits1References4

NVD•added 2022/12/08 10:15 a.m.•7 views

CVE-2022-4350

6.1CVSS0.00177EPSS

Exploits1References2

OSV•added 2022/12/08 10:15 a.m.•0 views

CVE-2022-4350

6.1CVSS4AI score

Exploits0References2

Prion•added 2022/12/08 10:15 a.m.•11 views

Cross site scripting

5.8CVSS6AI score0.00177EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2022/12/08 12:0 a.m.•1 views

PT-2022-26947 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.8 Description: A problematic issue was found in Mingsoft MCMS, affecting an unknown function of the file search.do. The manipulation of the content title argument leads to cross-site scripting. It is possible to laun...

6.1CVSS5.9AI score0.00177EPSS

Exploits1References7

Vulnrichment•added 2022/12/08 12:0 a.m.•6 views

CVE-2022-4350 Mingsoft MCMS search.do cross site scripting

3.5CVSS6.4AI score0.00177EPSS

Exploits1References2

CNNVD•added 2022/12/08 12:0 a.m.•1 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A security vulnerability exists in MingSoft MCMS version 5.2.8, which stems from the manipulation of the contenttitle parameter by an unknown function in the search.do file, leading to cross-site scripting. The attack meth...

6.1CVSS5.2AI score0.00177EPSS

Exploits1References3

CVE•added 2022/12/08 12:0 a.m.•77 views

CVE-2022-4350

CVE-2022-4350 affects Mingsoft MCMS 5.2.8. The vulnerability is in an unknown function within the file search.do; manipulating the content_title argument leads to cross-site scripting (XSS). Remote exploitation is possible, and the exploit has been disclosed publicly (VDB-215112). Multiple source...

6.1CVSS4.8AI score0.00177EPSS

Exploits1References2Affected Software1

Veracode•added 2022/08/17 6:30 a.m.•31 views

SQL Injection

Mingsoft MCMS are vulnerable to sql injection attacks. The vulnerability exists in verify function in PageAction.java because the validated function call is not properly handled allows an attacker to inject and execute arbitrary queries...

9.8CVSS9.5AI score0.00409EPSS

Exploits1References2Affected Software2

OSV•added 2022/08/17 12:0 a.m.•21 views

GHSA-W3RC-2WHG-W934 Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists...

9.8CVSS9.8AI score0.00508EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by