Vendor CVEs
Mingsoft
All CVEs
22 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4953 | Hig | 0.47 | 7.3 | 0.00 | Mar 27, 2026 | A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request… | ||
| CVE-2026-4954 | Med | 0.41 | 6.3 | 0.00 | Mar 27, 2026 | A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated… | ||
| CVE-2026-2666 | Med | 0.31 | 4.7 | 0.00 | Feb 18, 2026 | A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched… | ||
| CVE-2022-25125 | 0.06 | — | 0.07 | Mar 3, 2022 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. | |||
| CVE-2022-26585 | 0.04 | — | 0.06 | Apr 5, 2022 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list. | |||
| CVE-2023-50578 | 0.03 | — | 0.02 | Dec 30, 2023 | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. | |||
| CVE-2022-4375 | 0.02 | — | 0.03 | Dec 9, 2022 | A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit… | |||
| CVE-2023-3990 | 0.01 | — | 0.01 | Jul 28, 2023 | A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate… | |||
| CVE-2025-60838 | 0.00 | — | 0.00 | Oct 10, 2025 | An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file. | |||
| CVE-2024-42991 | 0.00 | — | 0.01 | Sep 3, 2024 | MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. | |||
| CVE-2023-51282 | 0.00 | — | 0.01 | Jan 16, 2024 | An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. | |||
| CVE-2022-4640 | 0.00 | — | 0.00 | Dec 21, 2022 | A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been… | |||
| CVE-2022-4350 | 0.00 | — | 0.00 | Dec 8, 2022 | A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit… | |||
| CVE-2022-36599 | 0.00 | — | 0.01 | Aug 16, 2022 | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists. | |||
| CVE-2022-36272 | 0.00 | — | 0.01 | Aug 16, 2022 | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. | |||
| CVE-2022-30048 | 0.00 | — | 0.01 | May 11, 2022 | Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | |||
| CVE-2022-30047 | 0.00 | — | 0.01 | May 11, 2022 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | |||
| CVE-2022-27466 | 0.00 | — | 0.02 | May 2, 2022 | MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. | |||
| CVE-2021-46385 | 0.00 | — | 0.02 | Jan 26, 2022 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability… | |||
| CVE-2021-46383 | 0.00 | — | 0.02 | Jan 26, 2022 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability… | |||
| CVE-2022-23314 | 0.00 | — | 0.02 | Jan 20, 2022 | MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. | |||
| CVE-2022-22928 | 0.00 | — | 0.03 | Jan 20, 2022 | MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code. |
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated…
- risk 0.31cvss 4.7epss 0.00
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched…
- CVE-2022-25125Mar 3, 2022risk 0.06cvss —epss 0.07
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
- CVE-2022-26585Apr 5, 2022risk 0.04cvss —epss 0.06
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
- CVE-2023-50578Dec 30, 2023risk 0.03cvss —epss 0.02
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
- CVE-2022-4375Dec 9, 2022risk 0.02cvss —epss 0.03
A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit…
- CVE-2023-3990Jul 28, 2023risk 0.01cvss —epss 0.01
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate…
- CVE-2025-60838Oct 10, 2025risk 0.00cvss —epss 0.00
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2024-42991Sep 3, 2024risk 0.00cvss —epss 0.01
MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.
- CVE-2023-51282Jan 16, 2024risk 0.00cvss —epss 0.01
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.
- CVE-2022-4640Dec 21, 2022risk 0.00cvss —epss 0.00
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been…
- CVE-2022-4350Dec 8, 2022risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit…
- CVE-2022-36599Aug 16, 2022risk 0.00cvss —epss 0.01
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
- CVE-2022-36272Aug 16, 2022risk 0.00cvss —epss 0.01
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
- CVE-2022-30048May 11, 2022risk 0.00cvss —epss 0.01
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
- CVE-2022-30047May 11, 2022risk 0.00cvss —epss 0.01
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
- CVE-2022-27466May 2, 2022risk 0.00cvss —epss 0.02
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
- CVE-2021-46385Jan 26, 2022risk 0.00cvss —epss 0.02
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability…
- CVE-2021-46383Jan 26, 2022risk 0.00cvss —epss 0.02
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability…
- CVE-2022-23314Jan 20, 2022risk 0.00cvss —epss 0.02
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.
- CVE-2022-22928Jan 20, 2022risk 0.00cvss —epss 0.03
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.