Mingsoft Security Vulnerabilities (CVEs)
Track 26 security vulnerabilities affecting Mingsoft products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in mingSoft MCMS 6.1.1 allows remote attackers to upload arbitrary files via the /ms/file/uploadTemplate.do endpoint. This unrestri...
Feb 18, 2026This vulnerability in MCMS v6.0.1 allows attackers to upload malicious files to the server, which can then be executed to run arbitrary code. This aff...
Oct 10, 2025An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to upload malicious files that can lead to remote code...
Apr 21, 2025MCMS v5.4.1 has an unauthenticated front-end file upload vulnerability that allows attackers to upload malicious files and execute arbitrary commands ...
Sep 3, 2024This vulnerability allows unauthenticated attackers to upload arbitrary files to MCMS 5.3.5 systems via a crafted POST request to /ms/file/upload.do. ...
Feb 5, 2024Mingsoft MCMS v5.2.9 contains a SQL injection vulnerability in the categoryType parameter at /content/list.do. This allows attackers to execute arbitr...
Dec 30, 2023MCMS 5.0 contains a file upload vulnerability that allows attackers to upload malicious files disguised as thumbnails, leading to arbitrary code execu...
May 8, 2023CVE-2020-20913 is a critical SQL injection vulnerability in Ming-Soft MCMS v4.7.2 that allows remote attackers to execute arbitrary SQL commands via t...
Apr 4, 2023CVE-2022-30506 is an arbitrary file upload vulnerability in MCMS 5.2.7 that allows attackers to upload malicious ZIP files containing executable code....
Jun 2, 2022This CSRF vulnerability in MCMS 5.2.7 allows attackers to create unauthorized administrator accounts by tricking authenticated users into visiting mal...
Jun 2, 2022Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /mdiy/dict/listExcludeApp endpoint via the orderBy parameter. This allows attackers...
May 11, 2022MCMS v5.2.27 contains a SQL injection vulnerability in the orderBy parameter at /dict/list.do endpoint. This allows attackers to execute arbitrary SQL...
May 2, 2022Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /cms/content/list endpoint that allows attackers to execute arbitrary SQL commands....
Apr 5, 2022MCMS versions up to 5.2.5 contain a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary ...
Mar 4, 2022MCMS v5.2.5 contains a SQL injection vulnerability in the categoryId parameter that allows attackers to execute arbitrary SQL commands. This affects a...
Mar 3, 2022MCMS v5.2.4 contains a SQL injection vulnerability in the search.do endpoint at /mdiy/dict/listExcludeApp. This allows attackers to execute arbitrary ...
Mar 3, 2022MCMS v5.2.5 contains an arbitrary file deletion vulnerability via the oldFileName component. This allows attackers to delete arbitrary files on the se...
Feb 18, 2022MCMS v5.2.5 contains a Server-Side Template Injection (SSTI) vulnerability in the Template Management module that allows attackers to execute arbitrar...
Feb 18, 2022MCMS v5.2.4 contains an arbitrary file deletion vulnerability in the /template/unzip.do component that allows attackers to delete files on the server....
Feb 18, 2022CVE-2021-44868 is a SQL injection vulnerability in ming-soft MCMS v5.1 that allows attackers to execute arbitrary SQL commands through the /ms/cms/con...
Feb 17, 2022This CVE describes a critical file upload vulnerability in mingSoft MCMS content management system that allows remote attackers to upload malicious JS...
Jan 26, 2022A critical remote code execution vulnerability in MCMS v5.2.4 allows attackers to execute arbitrary code on affected systems via crafted payloads in t...
Jan 21, 2022MCMS v5.2.4 contains an arbitrary file upload vulnerability in the /ms/template/writeFileContent.do endpoint that allows attackers to upload malicious...
Jan 21, 2022CVE-2022-22928 is a critical vulnerability in MCMS v5.2.4 where a hardcoded Shiro key allows attackers to bypass authentication and execute arbitrary ...
Jan 21, 2022CVE-2020-23262 is an unauthenticated SQL injection vulnerability in ming-soft MCMS v5.0 that allows attackers to execute arbitrary SQL commands withou...
Jan 26, 2021This CSRF vulnerability in MCMS 4.6.5 allows attackers to create unauthorized administrator accounts by tricking authenticated users into visiting mal...
Sep 23, 2018Why Monitor Mingsoft Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting Mingsoft products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Mingsoft packages in under 60 seconds. No agents required - completely agentless scanning that works across Mingsoft deployments.
Free vulnerability database: Access detailed information about every Mingsoft CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Mingsoft CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
