Vulnerabilities > Mingsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-01-21 CVE-2022-22929 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8
2022-01-21 CVE-2022-22930 Unspecified vulnerability in Mingsoft Mcms 5.2.4
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
network
low complexity
mingsoft
critical
 9.8
9.8
2022-01-21 CVE-2022-23314 SQL Injection vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2022-01-21 CVE-2022-23315 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8
2021-01-26 CVE-2020-23262 SQL Injection vulnerability in Mingsoft Mcms 5.0.0
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
network
low complexity
mingsoft CWE-89
critical
 9.8
9.8
2018-10-30 CVE-2018-18830 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 4.6.5
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5.
network
low complexity
mingsoft CWE-434
critical
 9.8
9.8