Mcms Security Vulnerabilities and Issues — Mcms CVE List

Lucene search

MingsoftMcms

42 matches found

CVE•added 2024/02/05 8:15 p.m.•191 views

CVE-2024-22567

File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.

8.8CVSS8.6AI score0.01286EPSS

CVE•added 2022/01/21 12:15 a.m.•137 views

CVE-2022-23315

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

9.8CVSS9.6AI score0.00678EPSS

CVE•added 2022/01/21 12:15 a.m.•116 views

CVE-2022-22928

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

9.8CVSS9.7AI score0.02316EPSS

CVE•added 2022/03/03 7:15 p.m.•104 views

CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

9.8CVSS9.8AI score0.82815EPSS

CVE•added 2022/04/05 1:15 a.m.•104 views

CVE-2022-26585

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.

9.8CVSS9.8AI score0.33843EPSS

CVE•added 2022/02/18 8:15 p.m.•103 views

CVE-2021-46063

MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.

9.1CVSS9.3AI score0.10255EPSS

CVE•added 2022/03/04 10:15 p.m.•103 views

CVE-2021-46384

https://gitee.com/mingSoft/MCMS MCMS

9.8CVSS9.5AI score0.09689EPSS

CVE•added 2022/03/03 7:15 p.m.•100 views

CVE-2022-25125

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

9.8CVSS9.8AI score0.82815EPSS

CVE•added 2022/02/18 7:15 p.m.•99 views

CVE-2021-46037

MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.

8.1CVSS8.1AI score0.00222EPSS

CVE•added 2022/02/18 7:15 p.m.•97 views

CVE-2021-46036

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.

9.8CVSS9.7AI score0.10278EPSS

CVE•added 2022/02/18 8:15 p.m.•97 views

CVE-2021-46062

MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.

7.1CVSS7AI score0.00162EPSS

CVE•added 2022/01/21 12:15 a.m.•91 views

CVE-2022-23314

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

9.8CVSS9.8AI score0.00402EPSS

CVE•added 2022/06/02 2:15 p.m.•91 views

CVE-2022-30506

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.

9.8CVSS9.6AI score0.02519EPSS

CVE•added 2022/03/03 7:15 p.m.•89 views

CVE-2022-23899

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2022/04/22 8:15 p.m.•89 views

CVE-2022-27340

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.

8.8CVSS8.8AI score0.00285EPSS

CVE•added 2022/02/17 4:15 p.m.•85 views

CVE-2021-44868

A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do

9.8CVSS9.5AI score0.00505EPSS

CVE•added 2022/08/16 1:15 p.m.•77 views

CVE-2022-36272

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.

9.8CVSS9.8AI score0.00212EPSS

CVE•added 2025/04/21 3:15 p.m.•77 views

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

9.8CVSS7.8AI score0.00107EPSS

CVE•added 2022/01/21 12:15 a.m.•76 views

CVE-2022-22929

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

9.8CVSS9.6AI score0.02652EPSS

CVE•added 2022/08/16 1:15 p.m.•76 views

CVE-2022-36599

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.

9.8CVSS9.8AI score0.00286EPSS

CVE•added 2022/07/01 9:15 p.m.•70 views

CVE-2022-31943

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.

9.8CVSS9.3AI score0.00364EPSS

CVE•added 2022/12/08 10:15 a.m.•69 views

CVE-2022-4350

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed t...

6.1CVSS4.8AI score0.0006EPSS

CVE•added 2022/05/02 2:15 p.m.•66 views

CVE-2022-27466

MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.

9.8CVSS9.7AI score0.00381EPSS

CVE•added 2022/06/02 2:15 p.m.•66 views

CVE-2022-29647

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

8.8CVSS8.6AI score0.00489EPSS

CVE•added 2022/12/21 10:15 p.m.•65 views

CVE-2022-4640

A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the publi...

5.4CVSS4.4AI score0.0006EPSS

CVE•added 2018/10/30 6:29 a.m.•62 views

CVE-2018-18830

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept ...

9.8CVSS9.7AI score0.00433EPSS

CVE•added 2018/10/30 6:29 a.m.•60 views

CVE-2018-18831

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.

7.5CVSS7.4AI score0.00456EPSS

CVE•added 2022/05/11 6:15 p.m.•59 views

CVE-2022-30048

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.

9.8CVSS9.8AI score0.00355EPSS

CVE•added 2022/12/09 8:15 a.m.•58 views

CVE-2022-4375

A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

9.8CVSS8.3AI score0.49341EPSS

CVE•added 2022/05/11 6:15 p.m.•57 views

CVE-2022-30047

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.

9.8CVSS9.8AI score0.00355EPSS

CVE•added 2021/01/26 6:15 p.m.•54 views

CVE-2020-23262

An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2022/01/21 12:15 a.m.•50 views

CVE-2022-22930

A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

9.8CVSS9.7AI score0.18145EPSS

CVE•added 2023/01/26 9:18 p.m.•50 views

CVE-2022-47042

MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.

8.8CVSS8.8AI score0.00219EPSS

CVE•added 2022/01/26 5:15 p.m.•48 views

CVE-2021-46386

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.

9.8CVSS9.6AI score0.06397EPSS

CVE•added 2023/07/28 7:15 a.m.•48 views

CVE-2023-3990

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely....

6.1CVSS4.7AI score0.06179EPSS

CVE•added 2022/01/26 7:15 p.m.•46 views

CVE-2021-46385

https://gitee.com/mingSoft/MCMS MCMS

7.5CVSS7.6AI score0.0044EPSS

CVE•added 2023/04/04 3:15 p.m.•42 views

CVE-2020-20913

SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.

9.8CVSS9.8AI score0.03613EPSS

CVE•added 2022/01/26 5:15 p.m.•41 views

CVE-2021-46383

https://gitee.com/mingSoft/MCMS MCMS

7.5CVSS7.6AI score0.0044EPSS

CVE•added 2023/05/08 2:15 p.m.•40 views

CVE-2020-22755

File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.

8.8CVSS9.2AI score0.00364EPSS

CVE•added 2024/09/03 4:15 p.m.•40 views

CVE-2024-42991

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.

8.1CVSS7AI score0.01563EPSS

CVE•added 2024/01/16 2:15 a.m.•39 views

CVE-2023-51282

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.

7.5CVSS7.2AI score0.00205EPSS

CVE•added 2023/12/30 4:15 p.m.•29 views

CVE-2023-50578

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.

9.8CVSS9.8AI score0.00269EPSS