RSS   Podatności dla 'MCMS'   RSS

2022-06-02
 
CVE-2022-29647

CWE-352
 

 
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

 
 
CVE-2022-30506

CWE-434
 

 
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.

 
2022-05-02
 
CVE-2022-27466

CWE-89
 

 
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.

 
2022-04-05
 
CVE-2022-26585

CWE-89
 

 
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.

 
2022-03-04
 
CVE-2021-46384

CWE-287
 

 
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. �?�? MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.

 
2022-03-03
 
CVE-2022-23898

CWE-89
 

 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

 
 
CVE-2022-23899

CWE-89
 

 
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.

 
 
CVE-2022-25125

CWE-89
 

 
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

 
2022-02-18
 
CVE-2021-46036

CWE-434
 

 
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.

 
 
CVE-2021-46037

NVD-CWE-noinfo
 

 
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.

 


Copyright 2024, cxsecurity.com

 

Back to Top