📦 Mcms
by Mingsoft
🛡️ Security Overview
⚠️ Known Vulnerabilities
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to upload malicious files that can lead to remote code execution. This affects all systems running the v...
Mingsoft MCMS v5.2.9 contains a SQL injection vulnerability in the categoryType parameter at /content/list.do. This allows attackers to execute arbitrary SQL commands on the database, potentially comp...
CVE-2020-20913 is a critical SQL injection vulnerability in Ming-Soft MCMS v4.7.2 that allows remote attackers to execute arbitrary SQL commands via the basic_title parameter. This can lead to complet...
CVE-2022-30506 is an arbitrary file upload vulnerability in MCMS 5.2.7 that allows attackers to upload malicious ZIP files containing executable code. This can lead to remote code execution on affecte...
Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /mdiy/dict/listExcludeApp endpoint via the orderBy parameter. This allows attackers to execute arbitrary SQL commands on the database...
MCMS v5.2.27 contains a SQL injection vulnerability in the orderBy parameter at the /dict/list.do endpoint. This allows attackers to execute arbitrary SQL commands on the database. Any organization runnin...
Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /cms/content/list endpoint that allows attackers to execute arbitrary SQL commands. This affects all organizations running the vulner...
MCMS versions up to 5.2.5 contain a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands on the server. This affects all systems r...
MCMS v5.2.5 contains a SQL injection vulnerability in the categoryId parameter that allows attackers to execute arbitrary SQL commands. This affects all systems running the vulnerable version of MCMS ...
MCMS v5.2.4 contains a SQL injection vulnerability in the search.do endpoint at /mdiy/dict/listExcludeApp. This allows attackers to execute arbitrary SQL commands on the database. Any organization run...
MCMS v5.2.5 contains a Server-Side Template Injection (SSTI) vulnerability in the Template Management module that allows attackers to execute arbitrary code on the server. This affects all systems run...
CVE-2021-44868 is a SQL injection vulnerability in ming-soft MCMS v5.1 that allows attackers to execute arbitrary SQL commands through the /ms/cms/content/list.do endpoint. This affects all systems ru...
This CVE describes a critical file upload vulnerability in the mingSoft MCMS content management system that allows remote attackers to upload malicious JSPX webshell files. Attackers can execute arbitrary...
A critical remote code execution vulnerability in MCMS v5.2.4 allows attackers to execute arbitrary code on affected systems via crafted payloads in the Template Management function. This affects all ...
MCMS v5.2.4 contains an arbitrary file upload vulnerability in the /ms/template/writeFileContent.do endpoint that allows attackers to upload malicious files to the server. This affects all systems run...
CVE-2022-22928 is a critical vulnerability in MCMS v5.2.4 where a hardcoded Shiro key allows attackers to bypass authentication and execute arbitrary code remotely. This affects all systems running th...
CVE-2020-23262 is an unauthenticated SQL injection vulnerability in ming-soft MCMS v5.0 that allows attackers to execute arbitrary SQL commands without authentication through the /mcms/view.do endpoin...
MCMS v5.4.1 has an unauthenticated front-end file upload vulnerability that allows attackers to upload malicious files and execute arbitrary commands on the server. This affects all systems running th...
This vulnerability allows unauthenticated attackers to upload arbitrary files to MCMS 5.3.5 systems via a crafted POST request to /ms/file/upload.do. Attackers can potentially upload malicious files l...
MCMS 5.0 contains a file upload vulnerability that allows attackers to upload malicious files disguised as thumbnails, leading to arbitrary code execution. This affects all systems running MCMS 5.0 wi...
This CSRF vulnerability in MCMS 5.2.7 allows attackers to create unauthorized administrator accounts by tricking authenticated users into visiting malicious web pages. It affects all MCMS 5.2.7 instal...
MCMS v5.2.5 contains an arbitrary file deletion vulnerability via the oldFileName component. This allows attackers to delete arbitrary files on the server, potentially causing denial of service or dat...
MCMS v5.2.4 contains an arbitrary file deletion vulnerability in the /template/unzip.do component that allows attackers to delete files on the server. This affects all systems running MCMS v5.2.4 with...
This CSRF vulnerability in MCMS 4.6.5 allows attackers to create unauthorized administrator accounts by tricking authenticated users into visiting malicious web pages. It affects all MCMS installation...
This vulnerability in mingSoft MCMS 6.1.1 allows remote attackers to upload arbitrary files via the /ms/file/uploadTemplate.do endpoint. This unrestricted file upload flaw can lead to server compromis...
This vulnerability in MCMS v6.0.1 allows attackers to upload malicious files to the server, which can then be executed to run arbitrary code. This affects all systems running the vulnerable version of...