Vulnerabilities > Mingsoft

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-26	CVE-2021-46383	SQL Injection vulnerability in Mingsoft Mcms https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. network low complexity mingsoft CWE-89	7.5
2022-01-26	CVE-2021-46386	Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. network low complexity mingsoft CWE-434 critical	9.8
2022-01-21	CVE-2022-22928	Use of Hard-coded Credentials vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. network low complexity mingsoft CWE-798 critical	9.8
2022-01-21	CVE-2022-22929	Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. network low complexity mingsoft CWE-434 critical	9.8
2022-01-21	CVE-2022-22930	Unspecified vulnerability in Mingsoft Mcms 5.2.4 A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload. network low complexity mingsoft critical	9.8
2022-01-21	CVE-2022-23314	SQL Injection vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. network low complexity mingsoft CWE-89 critical	9.8
2022-01-21	CVE-2022-23315	Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. network low complexity mingsoft CWE-434 critical	9.8
2021-01-26	CVE-2020-23262	SQL Injection vulnerability in Mingsoft Mcms 5.0.0 An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. network low complexity mingsoft CWE-89 critical	9.8
2018-10-30	CVE-2018-18831	Path Traversal vulnerability in Mingsoft Mcms 4.6.5 An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. network low complexity mingsoft CWE-22	7.5
2018-10-30	CVE-2018-18830	Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 4.6.5 An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. network low complexity mingsoft CWE-434 critical	9.8

Vulnerabilities > Mingsoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mingsoft"}]}

Vulnerabilities > Mingsoft