EPSS Percentile: 72.1%
net.mingsoft, ms-mcms is vulnerable to SQL injection. The get function of categoryaction.java does not properly sanitize the sqlWhere argument, which can be manipulated via the /cms/category/list endpoint.
gitee.com/mingSoft/MCMS/issues/I61TG5
github.com/advisories/GHSA-hc5g-xf64-j49j
github.com/ming-soft/MCMS/commit/6060a59f53b34d7759738b52308223e853bf6b4f
vuldb.com/?id.215196