CVE-2022-22930
- EPSS 10.72%
- Published 21.01.2022 00:15:08
- Last modified 21.11.2024 06:47:37
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
CVE-2022-22929
- EPSS 2.65%
- Published 21.01.2022 00:15:07
- Last modified 21.11.2024 06:47:37
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2022-22928
- EPSS 2.32%
- Published 21.01.2022 00:15:07
- Last modified 21.11.2024 06:47:37
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.
CVE-2020-23262
- EPSS 0.26%
- Published 26.01.2021 18:15:42
- Last modified 21.11.2024 05:13:41
An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
CVE-2018-18831
- EPSS 0.46%
- Published 30.10.2018 06:29:00
- Last modified 21.11.2024 03:56:42
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.
CVE-2018-18830
- EPSS 0.43%
- Published 30.10.2018 06:29:00
- Last modified 21.11.2024 03:56:42
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of J...
CVE-2018-17366
- EPSS 0.14%
- Published 23.09.2018 18:29:00
- Last modified 19.02.2026 18:39:55
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.