Vulnerabilities > Mingsoft > Mcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2022-29647 | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 An issue was discovered in MCMS 5.2.7. | 6.8 |
| 2022-06-02 | CVE-2022-30506 | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.7 An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | 7.5 |
| 2022-05-11 | CVE-2022-30047 | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | 7.5 |
| 2022-05-11 | CVE-2022-30048 | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | 7.5 |
| 2022-05-02 | CVE-2022-27466 | SQL Injection vulnerability in Mingsoft Mcms 5.2.27 MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | 7.5 |
| 2022-04-22 | CVE-2022-27340 | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. | 6.8 |
| 2022-04-05 | CVE-2022-26585 | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | 7.5 |
| 2022-03-04 | CVE-2021-46384 | Missing Authentication for Critical Function vulnerability in Mingsoft Mcms https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. | 7.5 |
| 2022-03-03 | CVE-2022-23898 | SQL Injection vulnerability in Mingsoft Mcms 5.2.5 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | 7.5 |
| 2022-03-03 | CVE-2022-23899 | SQL Injection vulnerability in Mingsoft Mcms 5.2.5 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. | 7.5 |