Vulnerabilities > Mingsoft > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-22567 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.3.5
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.
network
low complexity
mingsoft CWE-434
8.8
8.8
2024-01-16 CVE-2023-51282 Code Injection vulnerability in Mingsoft Mcms 5.2.4
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.
network
low complexity
mingsoft CWE-94
7.5
7.5
2023-05-08 CVE-2020-22755 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.0
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail.
network
low complexity
mingsoft CWE-434
8.8
8.8
2023-01-26 CVE-2022-47042 Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.10/5.2.8/5.2.9
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
network
low complexity
mingsoft CWE-434
8.8
8.8
2022-06-02 CVE-2022-29647 Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7
An issue was discovered in MCMS 5.2.7.
network
low complexity
mingsoft CWE-352
8.8
8.8
2022-04-22 CVE-2022-27340 Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do.
network
low complexity
mingsoft CWE-352
8.8
8.8
2022-02-18 CVE-2021-46062 Unspecified vulnerability in Mingsoft Mcms 5.2.5
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
local
low complexity
mingsoft
7.1
7.1
2022-02-18 CVE-2021-46037 Unspecified vulnerability in Mingsoft Mcms 5.2.4
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.
network
low complexity
mingsoft
8.1
8.1
2022-01-26 CVE-2021-46385 SQL Injection vulnerability in Mingsoft Mcms
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection.
network
low complexity
mingsoft CWE-89
7.5
7.5
2022-01-26 CVE-2021-46383 SQL Injection vulnerability in Mingsoft Mcms
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection.
network
low complexity
mingsoft CWE-89
7.5
7.5