Vulnerabilities > Mingsoft > Mcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-30 CVE-2023-50578 SQL Injection vulnerability in Mingsoft Mcms 5.2.9
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2023-04-04 CVE-2020-20913 SQL Injection vulnerability in Mingsoft Mcms 4.7.2
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-12-09 CVE-2022-4375 SQL Injection vulnerability in Mingsoft Mcms
A vulnerability was found in Mingsoft MCMS up to 5.2.9.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-08-16 CVE-2022-36599 SQL Injection vulnerability in Mingsoft Mcms 5.2.8
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-08-16 CVE-2022-36272 SQL Injection vulnerability in Mingsoft Mcms 5.2.8
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-07-01 CVE-2022-31943 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.8
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8
2022-06-02 CVE-2022-30506 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.7
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8
2022-05-11 CVE-2022-30048 SQL Injection vulnerability in Mingsoft Mcms 5.2.7
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-05-11 CVE-2022-30047 SQL Injection vulnerability in Mingsoft Mcms 5.2.7
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-05-02 CVE-2022-27466 SQL Injection vulnerability in Mingsoft Mcms 5.2.27
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8