14 matches found
net.mingsoft:ms-mweixin (=1.0.7) potentially affected by CVE-2026-2666 via net.mingsoft:ms-mcms (=6.1.1)
net.mingsoft:ms-mcms MAVEN version =6.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on net.mingsoft:ms-mcms and may be impacted:
- net.mingsoft:ms-mweixin =1.0.7
Source CVEs: CVE-2026-2666
Source advisory: OSV:GHSA-R9WP-QQ53-QVJX...
net.mingsoft:ms-mweixin (=1.0.7) potentially affected by CVE-2026-2666 via net.mingsoft:ms-mcms (=6.1.1)
net.mingsoft:ms-mcms MAVEN version =6.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on net.mingsoft:ms-mcms and may be impacted:
- net.mingsoft:ms-mweixin =1.0.7
Source CVEs: CVE-2026-2666
Source advisory: SNYK:JAVA-NETMINGSOFT-15323728...
Cross-site Scripting (XSS)
net.mingsoft:ms-mcms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser through a crafted payload...
net.mingsoft:ms-mweixin (=1.0.7) potentially affected by CVE-2025-60837 via net.mingsoft:ms-mcms (=6.1.1)
net.mingsoft:ms-mcms MAVEN version =6.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on net.mingsoft:ms-mcms and may be impacted:
- net.mingsoft:ms-mweixin =1.0.7
Source CVEs: CVE-2025-60837
Source advisory: SNYK:JAVA-NETMINGSOFT-13704166...
SQL Injection
net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability exists via the category Type parameter within /content/list.do, which allows an attacker to manipulate the backend database by injecting malicious SQL commands...
SQL Injection
net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability exists because the library does not properly validate the query strings in the basictitle parameter, allowing an attacker to inject and execute malicious SQL queries...
Arbitrary File Write
net.mingsoft:ms-mcms is vulnerable to Arbitrary File Write. An authenticated attacker is able to cause an arbitrary file write via the ms/template/writeFileContent.do component due to unrestricted file upload...
SQL Injection
net.mingsoft:ms-mcms is vulnerable to SQL injection. The vulnerability exists due to improper sanitization in the get function of categoryaction.java, where the sqlWhere argument can be manipulated via the /cms/category/list endpoint...
Remote code execution in net.mingsoft:ms-mcms
net.mingsoft:ms-mcms =5.2.5 is affected by: RCE. The impact is: remote arbitrary code execution. The attack vector is: $"freemarker.template.utility.Execute"?new"calc". MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise...
SQL injection in net.mingsoft:ms-mcms
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...
GHSA-968C-MM28-JFW4 SQL injection in net.mingsoft:ms-mcms
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
Remote Code Execution (RCE)
ms-mcms is vulnerable to a remote code execution (RCE) attack. The application does not verify user login status, allowing a malicious user to upload JSP files with .png filenames to inject and execute arbitrary JSP code...
Arbitrary File Write
ms-mcms is vulnerable to arbitrary file write attacks. The vulnerability exists in com/mingsoft/cms/action/GeneraterAction.java where the value of the url parameter could be used to specify arbitrary .jsp files to be written...
Cross-Site Request Forgery (CSRF)
ms-mcms is vulnerable to cross-site request forgery. An attacker is able to trick an administrator into visiting a malicious HTML page which adds an administrator account on behalf of the victim...