Vulnerabilities > Mingsoft > Mcms > 5.2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2022-22928 | Use of Hard-coded Credentials vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. | 9.8 |
| 2022-01-21 | CVE-2022-22929 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | 9.8 |
| 2022-01-21 | CVE-2022-22930 | Unspecified vulnerability in Mingsoft Mcms 5.2.4 A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. | 9.8 |
| 2022-01-21 | CVE-2022-23314 | SQL Injection vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | 9.8 |
| 2022-01-21 | CVE-2022-23315 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | 9.8 |