VYPR
Vendor

Mingsoft

Products
2
CVEs
22
Across products
22
Status
Private

Products

2

Recent CVEs

22
View all 22 CVEs →
  • CVE-2026-4953HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request…

  • CVE-2026-4954MedMar 27, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated…

  • CVE-2026-2666MedFeb 18, 2026
    risk 0.31cvss 4.7epss 0.00

    A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched…

  • CVE-2022-25125Mar 3, 2022
    risk 0.06cvss epss 0.07

    MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

  • CVE-2022-26585Apr 5, 2022
    risk 0.04cvss epss 0.06

    Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.

  • CVE-2023-50578Dec 30, 2023
    risk 0.03cvss epss 0.02

    Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.

  • CVE-2022-4375Dec 9, 2022
    risk 0.02cvss epss 0.03

    A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit…

  • CVE-2023-3990Jul 28, 2023
    risk 0.01cvss epss 0.01

    A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate…

  • CVE-2025-60838Oct 10, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2024-42991Sep 3, 2024
    risk 0.00cvss epss 0.01

    MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.

  • CVE-2023-51282Jan 16, 2024
    risk 0.00cvss epss 0.01

    An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.

  • CVE-2022-4640Dec 21, 2022
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been…

  • CVE-2022-4350Dec 8, 2022
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit…

  • CVE-2022-36599Aug 16, 2022
    risk 0.00cvss epss 0.01

    Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.

  • CVE-2022-36272Aug 16, 2022
    risk 0.00cvss epss 0.01

    Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.

  • CVE-2022-30048May 11, 2022
    risk 0.00cvss epss 0.01

    Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.

  • CVE-2022-30047May 11, 2022
    risk 0.00cvss epss 0.01

    Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.

  • CVE-2022-27466May 2, 2022
    risk 0.00cvss epss 0.02

    MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.

  • CVE-2021-46385Jan 26, 2022
    risk 0.00cvss epss 0.02

    https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability…

  • CVE-2021-46383Jan 26, 2022
    risk 0.00cvss epss 0.02

    https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability…