Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mingsoft Subscribe
Filtered by product Mcms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29647 1 Mingsoft 1 Mcms 2022-06-09 6.8 MEDIUM 8.8 HIGH
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
CVE-2022-27340 1 Mingsoft 1 Mcms 2022-05-06 6.8 MEDIUM 8.8 HIGH
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
CVE-2021-46062 1 Mingsoft 1 Mcms 2022-02-25 5.8 MEDIUM 7.1 HIGH
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
CVE-2021-46037 1 Mingsoft 1 Mcms 2022-02-25 5.5 MEDIUM 8.1 HIGH
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.
CVE-2021-46385 1 Mingsoft 1 Mcms 2022-02-04 5.0 MEDIUM 7.5 HIGH
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
CVE-2021-46383 1 Mingsoft 1 Mcms 2022-02-02 5.0 MEDIUM 7.5 HIGH
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
CVE-2018-18831 1 Mingsoft 1 Mcms 2018-12-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.