Vulnerabilities > Mingsoft > Mcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-21 CVE-2022-23314 SQL Injection vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.
network | low complexity | mingsoft CWE-89 | critical | 9.8
2022-01-21 CVE-2022-22930 Unspecified vulnerability in Mingsoft Mcms 5.2.4
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
network | low complexity | mingsoft | critical | 9.8
2022-01-21 CVE-2022-22929 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
network | low complexity | mingsoft CWE-434 | critical | 9.8
2022-01-21 CVE-2022-22928 Use of Hard-coded Credentials vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.
network | low complexity | mingsoft CWE-798 | critical | 9.8
2021-01-26 CVE-2020-23262 SQL Injection vulnerability in Mingsoft Mcms 5.0.0
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
network | low complexity | mingsoft CWE-89 | critical | 9.8
2018-10-30 CVE-2018-18830 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 4.6.5
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5.
network | low complexity | mingsoft CWE-434 | critical | 9.8