VYPR

MCMS

by Mcms

CVEs (5)

  • CVE-2022-25125CriMar 3, 2022
    risk 0.64cvss 9.8epss 0.07

    MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

  • CVE-2022-23314CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.02

    MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

  • CVE-2022-22928CriJan 21, 2022
    risk 0.64cvss 9.8epss 0.03

    MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

  • CVE-2024-42991HigSep 3, 2024
    risk 0.53cvss 8.1epss 0.01

    MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.

  • CVE-2025-60838MedOct 10, 2025
    risk 0.42cvss 6.5epss 0.00

    An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.