Vulnerabilities > Mingsoft > Mcms > 5.2.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-28 | CVE-2023-3990 | Cross-site Scripting vulnerability in Mingsoft Mcms A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. | 6.1 |
| 2022-12-09 | CVE-2022-4375 | SQL Injection vulnerability in Mingsoft Mcms A vulnerability was found in Mingsoft MCMS up to 5.2.9. | 9.8 |
| 2022-06-02 | CVE-2022-29647 | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 An issue was discovered in MCMS 5.2.7. | 6.8 |
| 2022-06-02 | CVE-2022-30506 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.7 An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | 7.5 |
| 2022-05-11 | CVE-2022-30047 | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | 7.5 |
| 2022-05-11 | CVE-2022-30048 | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | 7.5 |
| 2022-04-22 | CVE-2022-27340 | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. | 6.8 |
| 2022-04-05 | CVE-2022-26585 | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | 7.5 |