pkg:maven/net.mingsoft/ms-mcms
Type
maven
Namespace
net.mingsoft
Name
ms-mcms
Known advisories, vulnerabilities and fixes for net.mingsoft/ms-mcms package.
Critical
18
High
14
Moderate
2
Low
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | <= 5.0.0 |
CVE-2020-22755
|
 MAVEN:GHSA-293V-5329-36WP
|
MCMS vulnerable to arbitrary code execution via crafted thumbnail | high |
2023-05-08T15:30:18
(16 months ago) |
|
| Affected | <= 5.1 |
CVE-2021-44868
|
MAVEN:GHSA-2PMW-CVC7-FRVH
|
SQL injection in MCMS | critical |
2022-02-18T00:00:34
(2 years ago) |
|
| Affected | <= 5.2.9 |
CVE-2023-50578
|
MAVEN:GHSA-3VVH-8C65-32J4
|
Mingsoft MCMS SQL injection | high |
2023-12-30T18:30:35
(8 months ago) |
|
| Affected | = 5.2.8 |
CVE-2022-31943
|
MAVEN:GHSA-4828-473V-37GH
|
Unrestricted Upload of File with Dangerous Type in MCMS | critical |
2022-07-02T00:00:19
(2 years ago) |
|
| Affected | <= 5.2.10 |
CVE-2022-47042
|
MAVEN:GHSA-65V6-3C9M-HMRP
|
Arbitrary file write in net.mingsoft:ms-mcms | high |
2023-01-26T21:30:20
(19 months ago) |
|
| Fixed | = 5.2.11 |
CVE-2022-47042
|
MAVEN:GHSA-65V6-3C9M-HMRP
|
Arbitrary file write in net.mingsoft:ms-mcms | high |
2023-01-26T21:30:20
(19 months ago) |
|
| Affected | <= 5.2.9 |
CVE-2022-4640
|
MAVEN:GHSA-6RVV-H8G7-728W
|
Mingsoft MCMS Cross-site Scripting vulnerability | moderate |
2022-12-22T00:30:36
(21 months ago) |
|
| Affected | <= 5.2.7 |
CVE-2022-30506
|
MAVEN:GHSA-6XJ9-HPQ3-W3QW
|
Code injection in MCMS | critical |
2022-06-03T00:01:08
(2 years ago) |
|
| Affected | <= 5.2.4 |
CVE-2021-46037
|
MAVEN:GHSA-73WX-RPJ3-MX46
|
Path traversal in MCMS | high |
2022-02-19T00:01:25
(2 years ago) |
|
| Affected | <= 5.2.4 |
CVE-2022-22929
|
MAVEN:GHSA-77HH-P7R6-66PV
|
Arbitrary File Upload in Mingsoft MCMS | critical |
2022-01-22T00:00:50
(2 years ago) |
|
| Affected | <= 4.6.5 |
CVE-2018-18831
|
MAVEN:GHSA-7HJP-97G3-RQ93
|
Path Traversal in minsoft:ms-mcms | high |
2018-11-01T14:47:04
(5 years ago) |
|
| Affected | <= 5.3.5 |
CVE-2024-22567
|
MAVEN:GHSA-7QW4-9R68-2RMX
|
mingSoft MCMS File Upload vulnerability | high |
2024-02-05T21:30:31
(7 months ago) |
|
| Affected | < 5.2.9 |
CVE-2022-22930
|
MAVEN:GHSA-8WQ7-HHJJ-FPQV
|
RCE in Mingsoft MCMS | critical |
2022-01-22T00:00:50
(2 years ago) |
|
| Fixed | = 5.2.9 |
CVE-2022-22930
|
MAVEN:GHSA-8WQ7-HHJJ-FPQV
|
RCE in Mingsoft MCMS | critical |
2022-01-22T00:00:50
(2 years ago) |
|
| Affected | <= 5.2.5 |
CVE-2022-23899
|
MAVEN:GHSA-968C-MM28-JFW4
|
SQL injection in net.mingsoft:ms-mcms | critical |
2022-03-04T00:00:17
(2 years ago) |
|
| Affected | <= 4.6.5 |
CVE-2018-18830
|
MAVEN:GHSA-C7C7-XM8G-XM36
|
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms | critical |
2018-11-01T14:48:29
(5 years ago) |
|
| Affected | <= 5.2.5 |
CVE-2021-46386
|
MAVEN:GHSA-CWX9-RP4W-4545
|
Mingsoft MCMS vulnerable to Remote Code Execution via file upload. | critical |
2022-01-27T00:01:00
(2 years ago) |
|
| Affected | <= 5.2.4 |
CVE-2022-23315
|
MAVEN:GHSA-FR5W-98MC-JJVG
|
Arbitrary file upload in Mingsoft MCMS | critical |
2022-01-22T00:00:48
(2 years ago) |
|
| Affected | <= 5.2.4 |
CVE-2021-46036
|
MAVEN:GHSA-G8J8-MGH9-Q77P
|
File upload leading to RCE in MCMS | critical |
2022-02-19T00:01:25
(2 years ago) |
|
| Affected | <= 5.2.7 |
CVE-2022-27340
|
MAVEN:GHSA-G94P-H263-C26Q
|
Cross Site Request Forgery in Mingsoft MCMS | high |
2022-04-23T00:03:01
(2 years ago) |
|
| Affected | <= 5.2.5 |
CVE-2021-46063
|
MAVEN:GHSA-GC79-GH4F-9G6W
|
Server Side Template Injection in MCMS | critical |
2022-02-19T00:01:24
(2 years ago) |
|
| Affected | <= 5.2.7 |
CVE-2022-29647
|
MAVEN:GHSA-GP39-QJ5F-43QV
|
Cross Site Request Forgery in Mingsoft MCMS | high |
2022-06-03T00:01:05
(2 years ago) |
|
| Affected | < 5.1 |
CVE-2020-23262
|
MAVEN:GHSA-H3HW-G4HM-7GR4
|
SQL injection without credentials in ming-soft MCMS | critical |
2022-02-09T22:18:13
(2 years ago) |
|
| Fixed | = 5.1 |
CVE-2020-23262
|
MAVEN:GHSA-H3HW-G4HM-7GR4
|
SQL injection without credentials in ming-soft MCMS | critical |
2022-02-09T22:18:13
(2 years ago) |
|
| Affected | <= 5.2.4 |
CVE-2023-51282
|
MAVEN:GHSA-H57W-VH34-F8CW
|
Code injection in mingSoft MCMS | high |
2024-01-16T03:30:20
(8 months ago) |
|
| Affected | <= 5.2.9 |
CVE-2022-4375
|
MAVEN:GHSA-HC5G-XF64-J49J
|
Mingsoft MCMS vulnerable to SQL Injection | critical |
2022-12-09T09:30:30
(21 months ago) |
|
| Fixed | = 5.2.10 |
CVE-2022-4375
|
MAVEN:GHSA-HC5G-XF64-J49J
|
Mingsoft MCMS vulnerable to SQL Injection | critical |
2022-12-09T09:30:30
(21 months ago) |
|
| Affected | <= 5.2.8 |
CVE-2022-36272
|
MAVEN:GHSA-HMJ3-MQGW-2FQ6
|
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter | critical |
2022-08-17T00:00:30
(2 years ago) |
|
| Affected | < 5.1 |
CVE-2020-20913
|
MAVEN:GHSA-HX8P-9M48-G76R
|
Ming-Soft MCMS vulnerable to SQL injection | critical |
2023-04-04T15:30:27
(17 months ago) |
|
| Fixed | = 5.1 |
CVE-2020-20913
|
MAVEN:GHSA-HX8P-9M48-G76R
|
Ming-Soft MCMS vulnerable to SQL injection | critical |
2023-04-04T15:30:27
(17 months ago) |
|
| Affected | <= 4.6.5 |
CVE-2018-17366
|
MAVEN:GHSA-M246-PV28-4R6F
|
Mingsoft MCMS CSRF vulnerability | high |
2022-05-14T02:00:08
(2 years ago) |
|
| Affected | <= 5.2.7 |
CVE-2022-26585
|
MAVEN:GHSA-MX3X-RMRH-9WF6
|
SQL injection in net.mingsoft:ms-mcms | high |
2022-04-06T00:01:35
(2 years ago) |
|
| Affected | <= 5.2.8 |
CVE-2022-4350
|
MAVEN:GHSA-P46C-M4J7-MJVQ
|
Mingsoft MCMS vulnerable to Cross-site Scripting | moderate |
2022-12-08T12:30:26
(21 months ago) |
|
| Affected | <= 5.2.5 |
CVE-2022-23898
|
MAVEN:GHSA-P94Q-9Q2M-PFH2
|
SQL injection in net.mingsoft:ms-mcms | critical |
2022-03-04T00:00:17
(2 years ago) |
|
| Affected | <= 5.2.5 |
CVE-2021-46385
|
MAVEN:GHSA-PHWQ-9GC4-Q5C8
|
Mingsoft MCMS SQL injection vulnerability | high |
2022-01-27T00:00:52
(2 years ago) |
|
| Affected | <= 5.2.5 |
CVE-2021-46383
|
MAVEN:GHSA-QQC2-PV68-Q72H
|
Mingsoft MCMS SQL injection vulnerability | high |
2022-01-27T00:01:02
(2 years ago) |
|
| Fixed | = 5.2.6 |
CVE-2021-46383
|
MAVEN:GHSA-QQC2-PV68-Q72H
|
Mingsoft MCMS SQL injection vulnerability | high |
2022-01-27T00:01:02
(2 years ago) |
|
| Affected | < 5.2.6 |
CVE-2021-46384
|
MAVEN:GHSA-QWH6-XWJ4-9CJG
|
Remote code execution in net.mingsoft:ms-mcms | critical |
2022-03-05T00:00:41
(2 years ago) |
|
| Fixed | = 5.2.6 |
CVE-2021-46384
|
MAVEN:GHSA-QWH6-XWJ4-9CJG
|
Remote code execution in net.mingsoft:ms-mcms | critical |
2022-03-05T00:00:41
(2 years ago) |
|
| Affected | < 5.2.11 |
CVE-2021-46062
|
MAVEN:GHSA-RPVR-MW7R-25XX
|
MCMS Arbitrary File Deletion vulnerability | high |
2022-02-19T00:01:24
(2 years ago) |
|
| Fixed | = 5.2.11 |
CVE-2021-46062
|
MAVEN:GHSA-RPVR-MW7R-25XX
|
MCMS Arbitrary File Deletion vulnerability | high |
2022-02-19T00:01:24
(2 years ago) |
|
| Affected | <= 5.3.1 |
CVE-2023-3990
|
MAVEN:GHSA-RXVJ-5MV6-J5MC
|
Cross-site Scripting in Mingsoft MCMS | low |
2023-07-28T09:30:29
(13 months ago) |
|
| Fixed | = 5.3.2 |
CVE-2023-3990
|
MAVEN:GHSA-RXVJ-5MV6-J5MC
|
Cross-site Scripting in Mingsoft MCMS | low |
2023-07-28T09:30:29
(13 months ago) |
|
| Affected | <= 5.2.8 |
CVE-2022-36599
|
MAVEN:GHSA-W3RC-2WHG-W934
|
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List | critical |
2022-08-17T00:00:30
(2 years ago) |