pkg:maven/net.mingsoft/ms-mcms
Type
maven
Namespace
net.mingsoft
Name
ms-mcms
Known advisories, vulnerabilities and fixes for net.mingsoft/ms-mcms package.
Critical
18
High
14
Moderate
2
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 5.0.0 |
CVE-2020-22755
|
MAVEN:GHSA-293V-5329-36WP | MCMS vulnerable to arbitrary code execution via crafted thumbnail | high |
2023-05-08T15:30:18
(16 months ago) |
|
Affected | <= 5.1 |
CVE-2021-44868
|
MAVEN:GHSA-2PMW-CVC7-FRVH | SQL injection in MCMS | critical |
2022-02-18T00:00:34
(2 years ago) |
|
Affected | <= 5.2.9 |
CVE-2023-50578
|
MAVEN:GHSA-3VVH-8C65-32J4 | Mingsoft MCMS SQL injection | high |
2023-12-30T18:30:35
(8 months ago) |
|
Affected | = 5.2.8 |
CVE-2022-31943
|
MAVEN:GHSA-4828-473V-37GH | Unrestricted Upload of File with Dangerous Type in MCMS | critical |
2022-07-02T00:00:19
(2 years ago) |
|
Affected | <= 5.2.10 |
CVE-2022-47042
|
MAVEN:GHSA-65V6-3C9M-HMRP | Arbitrary file write in net.mingsoft:ms-mcms | high |
2023-01-26T21:30:20
(19 months ago) |
|
Fixed | = 5.2.11 |
CVE-2022-47042
|
MAVEN:GHSA-65V6-3C9M-HMRP | Arbitrary file write in net.mingsoft:ms-mcms | high |
2023-01-26T21:30:20
(19 months ago) |
|
Affected | <= 5.2.9 |
CVE-2022-4640
|
MAVEN:GHSA-6RVV-H8G7-728W | Mingsoft MCMS Cross-site Scripting vulnerability | moderate |
2022-12-22T00:30:36
(21 months ago) |
|
Affected | <= 5.2.7 |
CVE-2022-30506
|
MAVEN:GHSA-6XJ9-HPQ3-W3QW | Code injection in MCMS | critical |
2022-06-03T00:01:08
(2 years ago) |
|
Affected | <= 5.2.4 |
CVE-2021-46037
|
MAVEN:GHSA-73WX-RPJ3-MX46 | Path traversal in MCMS | high |
2022-02-19T00:01:25
(2 years ago) |
|
Affected | <= 5.2.4 |
CVE-2022-22929
|
MAVEN:GHSA-77HH-P7R6-66PV | Arbitrary File Upload in Mingsoft MCMS | critical |
2022-01-22T00:00:50
(2 years ago) |
|
Affected | <= 4.6.5 |
CVE-2018-18831
|
MAVEN:GHSA-7HJP-97G3-RQ93 | Path Traversal in minsoft:ms-mcms | high |
2018-11-01T14:47:04
(5 years ago) |
|
Affected | <= 5.3.5 |
CVE-2024-22567
|
MAVEN:GHSA-7QW4-9R68-2RMX | mingSoft MCMS File Upload vulnerability | high |
2024-02-05T21:30:31
(7 months ago) |
|
Affected | < 5.2.9 |
CVE-2022-22930
|
MAVEN:GHSA-8WQ7-HHJJ-FPQV | RCE in Mingsoft MCMS | critical |
2022-01-22T00:00:50
(2 years ago) |
|
Fixed | = 5.2.9 |
CVE-2022-22930
|
MAVEN:GHSA-8WQ7-HHJJ-FPQV | RCE in Mingsoft MCMS | critical |
2022-01-22T00:00:50
(2 years ago) |
|
Affected | <= 5.2.5 |
CVE-2022-23899
|
MAVEN:GHSA-968C-MM28-JFW4 | SQL injection in net.mingsoft:ms-mcms | critical |
2022-03-04T00:00:17
(2 years ago) |
|
Affected | <= 4.6.5 |
CVE-2018-18830
|
MAVEN:GHSA-C7C7-XM8G-XM36 | Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms | critical |
2018-11-01T14:48:29
(5 years ago) |
|
Affected | <= 5.2.5 |
CVE-2021-46386
|
MAVEN:GHSA-CWX9-RP4W-4545 | Mingsoft MCMS vulnerable to Remote Code Execution via file upload. | critical |
2022-01-27T00:01:00
(2 years ago) |
|
Affected | <= 5.2.4 |
CVE-2022-23315
|
MAVEN:GHSA-FR5W-98MC-JJVG | Arbitrary file upload in Mingsoft MCMS | critical |
2022-01-22T00:00:48
(2 years ago) |
|
Affected | <= 5.2.4 |
CVE-2021-46036
|
MAVEN:GHSA-G8J8-MGH9-Q77P | File upload leading to RCE in MCMS | critical |
2022-02-19T00:01:25
(2 years ago) |
|
Affected | <= 5.2.7 |
CVE-2022-27340
|
MAVEN:GHSA-G94P-H263-C26Q | Cross Site Request Forgery in Mingsoft MCMS | high |
2022-04-23T00:03:01
(2 years ago) |
|
Affected | <= 5.2.5 |
CVE-2021-46063
|
MAVEN:GHSA-GC79-GH4F-9G6W | Server Side Template Injection in MCMS | critical |
2022-02-19T00:01:24
(2 years ago) |
|
Affected | <= 5.2.7 |
CVE-2022-29647
|
MAVEN:GHSA-GP39-QJ5F-43QV | Cross Site Request Forgery in Mingsoft MCMS | high |
2022-06-03T00:01:05
(2 years ago) |
|
Affected | < 5.1 |
CVE-2020-23262
|
MAVEN:GHSA-H3HW-G4HM-7GR4 | SQL injection without credentials in ming-soft MCMS | critical |
2022-02-09T22:18:13
(2 years ago) |
|
Fixed | = 5.1 |
CVE-2020-23262
|
MAVEN:GHSA-H3HW-G4HM-7GR4 | SQL injection without credentials in ming-soft MCMS | critical |
2022-02-09T22:18:13
(2 years ago) |
|
Affected | <= 5.2.4 |
CVE-2023-51282
|
MAVEN:GHSA-H57W-VH34-F8CW | Code injection in mingSoft MCMS | high |
2024-01-16T03:30:20
(8 months ago) |
|
Affected | <= 5.2.9 |
CVE-2022-4375
|
MAVEN:GHSA-HC5G-XF64-J49J | Mingsoft MCMS vulnerable to SQL Injection | critical |
2022-12-09T09:30:30
(21 months ago) |
|
Fixed | = 5.2.10 |
CVE-2022-4375
|
MAVEN:GHSA-HC5G-XF64-J49J | Mingsoft MCMS vulnerable to SQL Injection | critical |
2022-12-09T09:30:30
(21 months ago) |
|
Affected | <= 5.2.8 |
CVE-2022-36272
|
MAVEN:GHSA-HMJ3-MQGW-2FQ6 | Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter | critical |
2022-08-17T00:00:30
(2 years ago) |
|
Affected | < 5.1 |
CVE-2020-20913
|
MAVEN:GHSA-HX8P-9M48-G76R | Ming-Soft MCMS vulnerable to SQL injection | critical |
2023-04-04T15:30:27
(17 months ago) |
|
Fixed | = 5.1 |
CVE-2020-20913
|
MAVEN:GHSA-HX8P-9M48-G76R | Ming-Soft MCMS vulnerable to SQL injection | critical |
2023-04-04T15:30:27
(17 months ago) |
|
Affected | <= 4.6.5 |
CVE-2018-17366
|
MAVEN:GHSA-M246-PV28-4R6F | Mingsoft MCMS CSRF vulnerability | high |
2022-05-14T02:00:08
(2 years ago) |
|
Affected | <= 5.2.7 |
CVE-2022-26585
|
MAVEN:GHSA-MX3X-RMRH-9WF6 | SQL injection in net.mingsoft:ms-mcms | high |
2022-04-06T00:01:35
(2 years ago) |
|
Affected | <= 5.2.8 |
CVE-2022-4350
|
MAVEN:GHSA-P46C-M4J7-MJVQ | Mingsoft MCMS vulnerable to Cross-site Scripting | moderate |
2022-12-08T12:30:26
(21 months ago) |
|
Affected | <= 5.2.5 |
CVE-2022-23898
|
MAVEN:GHSA-P94Q-9Q2M-PFH2 | SQL injection in net.mingsoft:ms-mcms | critical |
2022-03-04T00:00:17
(2 years ago) |
|
Affected | <= 5.2.5 |
CVE-2021-46385
|
MAVEN:GHSA-PHWQ-9GC4-Q5C8 | Mingsoft MCMS SQL injection vulnerability | high |
2022-01-27T00:00:52
(2 years ago) |
|
Affected | <= 5.2.5 |
CVE-2021-46383
|
MAVEN:GHSA-QQC2-PV68-Q72H | Mingsoft MCMS SQL injection vulnerability | high |
2022-01-27T00:01:02
(2 years ago) |
|
Fixed | = 5.2.6 |
CVE-2021-46383
|
MAVEN:GHSA-QQC2-PV68-Q72H | Mingsoft MCMS SQL injection vulnerability | high |
2022-01-27T00:01:02
(2 years ago) |
|
Affected | < 5.2.6 |
CVE-2021-46384
|
MAVEN:GHSA-QWH6-XWJ4-9CJG | Remote code execution in net.mingsoft:ms-mcms | critical |
2022-03-05T00:00:41
(2 years ago) |
|
Fixed | = 5.2.6 |
CVE-2021-46384
|
MAVEN:GHSA-QWH6-XWJ4-9CJG | Remote code execution in net.mingsoft:ms-mcms | critical |
2022-03-05T00:00:41
(2 years ago) |
|
Affected | < 5.2.11 |
CVE-2021-46062
|
MAVEN:GHSA-RPVR-MW7R-25XX | MCMS Arbitrary File Deletion vulnerability | high |
2022-02-19T00:01:24
(2 years ago) |
|
Fixed | = 5.2.11 |
CVE-2021-46062
|
MAVEN:GHSA-RPVR-MW7R-25XX | MCMS Arbitrary File Deletion vulnerability | high |
2022-02-19T00:01:24
(2 years ago) |
|
Affected | <= 5.3.1 |
CVE-2023-3990
|
MAVEN:GHSA-RXVJ-5MV6-J5MC | Cross-site Scripting in Mingsoft MCMS | low |
2023-07-28T09:30:29
(13 months ago) |
|
Fixed | = 5.3.2 |
CVE-2023-3990
|
MAVEN:GHSA-RXVJ-5MV6-J5MC | Cross-site Scripting in Mingsoft MCMS | low |
2023-07-28T09:30:29
(13 months ago) |
|
Affected | <= 5.2.8 |
CVE-2022-36599
|
MAVEN:GHSA-W3RC-2WHG-W934 | Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List | critical |
2022-08-17T00:00:30
(2 years ago) |