CVE-2023-50578
Description
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mingsoft MCMS v5.2.9 contains a SQL injection vulnerability in the categoryType parameter at /content/list.do.
Vulnerability Overview
The vulnerability is a SQL injection flaw in Mingsoft MCMS v5.2.9, a Java-based content management system. The issue resides in the /content/list.do endpoint, where the categoryType parameter is not properly sanitized before being used in SQL queries. This allows an attacker to inject arbitrary SQL commands through this parameter [2][3].
Exploitation
An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the affected endpoint with malicious input in the categoryType parameter. No authentication or special privileges are required to trigger the injection. The attack surface is exposed via the web interface, making it accessible to remote attackers [1][2].
Impact
Successful exploitation can lead to unauthorized access to the underlying database. An attacker may be able to read, modify, or delete sensitive data, potentially compromising the entire application and its data. The impact is consistent with typical SQL injection vulnerabilities, which can lead to data breaches or further system compromise [1][3].
Mitigation
As of the publication date, a fix has not been confirmed in the official repository. Users are advised to apply input validation on the categoryType parameter or upgrade to a patched version if available. The issue has been documented in the project's issue tracker, indicating awareness by the maintainers [3].
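- GitHub - ming-soft/MCMS: Fully open source! A Java rapid development platform! Built on the Spring, SpringMVC and Mybatis architecture, with MStore providing more useful plugins and templates (articles, mall, WeChat, forum, members, comments, payment, points, workflow, task scheduling and more, plus hundreds of free templates to choose from). Value comes from sharing! The Mingfei system is not only a simple, easy-to-use open-source system but also a complete, high-quality open-source ecosystem of content. Mingfei's mission is to reduce development cost and improve development efficiency, providing all-round …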
- NVD - CVE-2023-50578
- SQL injection in the Mingsoft MCMS v5.2.9 front-end article list query interface · Issue #I8MAJK · 铭飞/MCMS - Gitee
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| net.mingsoft:ms-mcms (Maven) | <= 5.2.9 | — |
Affected products
- Mingsoft/MCMS
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-3vvh-8c65-32j4 (source: ghsa, type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-50578 (source: ghsa, type: ADVISORY)
- gitee.com/mingSoft/MCMS/issues/I8MAJK (source: ghsa, type: WEB)