Mcms@5.2.5 Security Vulnerabilities and Issues — Mcms@5.2.5 CVE List

Lucene search

MingsoftMcms5.2.5

5 matches found

CVE•added 2022/03/03 7:15 p.m.•104 views

CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

9.8CVSS9.8AI score0.82815EPSS

CVE•added 2022/02/18 8:15 p.m.•103 views

CVE-2021-46063

MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.

9.1CVSS9.3AI score0.10255EPSS

CVE•added 2022/02/18 8:15 p.m.•96 views

CVE-2021-46062

MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.

7.1CVSS7AI score0.00162EPSS

CVE•added 2022/03/03 7:15 p.m.•89 views

CVE-2022-23899

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2022/12/09 8:15 a.m.•58 views

CVE-2022-4375

A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

9.8CVSS8.3AI score0.49341EPSS