Vulnerabilities > Mingsoft > Mcms > 5.2.4

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2022-01-21 | CVE-2022-22928 | Use of Hard-coded Credentials vulnerability in Mingsoft Mcms 5.2.4 | MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | mingsoft | CWE-798 | critical, 9.8 (network, low complexity) |
| 2022-01-21 | CVE-2022-22929 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 | MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | mingsoft | CWE-434 | critical, 9.8 (network, low complexity) |
| 2022-01-21 | CVE-2022-22930 | Unspecified vulnerability in Mingsoft Mcms 5.2.4 | A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. | mingsoft | - | critical, 9.8 (network, low complexity) |
| 2022-01-21 | CVE-2022-23314 | SQL Injection vulnerability in Mingsoft Mcms 5.2.4 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | mingsoft | CWE-89 | critical, 9.8 (network, low complexity) |
| 2022-01-21 | CVE-2022-23315 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 | MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | mingsoft | CWE-434 | critical, 9.8 (network, low complexity) |