CVE-2024-22567

File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.

CVE-2024-42991

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.

CVE-2023-51282

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.