Vulnerabilities > Mingsoft

DATE CVE VULNERABILITY TITLE RISK
2022-08-16 CVE-2022-36272 SQL Injection vulnerability in Mingsoft Mcms 5.2.8
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-08-16 CVE-2022-36599 SQL Injection vulnerability in Mingsoft Mcms 5.2.8
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-07-01 CVE-2022-31943 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.8
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8
2022-06-02 CVE-2022-29647 Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7
An issue was discovered in MCMS 5.2.7.
network
low complexity
mingsoft CWE-352
8.8
8.8
2022-06-02 CVE-2022-30506 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.7
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8
2022-05-11 CVE-2022-30047 SQL Injection vulnerability in Mingsoft Mcms 5.2.7
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-05-11 CVE-2022-30048 SQL Injection vulnerability in Mingsoft Mcms 5.2.7
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-05-02 CVE-2022-27466 SQL Injection vulnerability in Mingsoft Mcms 5.2.27
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-04-22 CVE-2022-27340 Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do.
network
low complexity
mingsoft CWE-352
8.8
8.8
2022-04-05 CVE-2022-26585 SQL Injection vulnerability in Mingsoft Mcms 5.2.7
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8