23 matches found
CVE-2026-3026
A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...
JeeWMS 代码注入漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
MCMS allows arbitrary file uploads in the ueditor component
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
GHSA-3922-2R6R-R4FV MCMS allows arbitrary file uploads in the ueditor component
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the ueditor component in the article management module. An attacker can execute arbitrary code by uploading a malicious XML file. Remediation Upgrade net.mingsoft:ms-mcms to version 5.5.0 or higher. References ...
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-29287
CVE-2025-29287 affects MCMS v5.4.3 via the ueditor component, enabling arbitrary code execution through crafted file uploads. The vulnerability is known across multiple advisories (Red Hat, GHSA, OSV, NVD, Snyk, etc.), with CVSS v3.1 base score 9.8 (CRITICAL). Public references describe an arbitr...
PT-2025-17439 · Mcms +1 · Mcms +1
Name of the Vulnerable Software and Affected Versions: MCMS version 5.4.3 Description: An arbitrary file upload vulnerability in the ueditor component of MCMS allows attackers to execute arbitrary code via uploading a crafted file. Recommendations: For MCMS version 5.4.3, consider disabling the...
MingSoft MCMS 安全漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.3, which stems from the ueditor component allowing the upload of specially crafted files, which could lead to the execution of arbitrary code...
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2024-41577
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
Code injection
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
CVE-2023-42398
The CVE-2023-42398 issue affects zzCMS v.2023, where an attacker can remotely execute arbitrary code and disclose sensitive data through the ueditor component in controller.php. The vulnerability is associated with zzCMS 2023 and involves the ueditor integration in controller.php, enabling code e...