[MAVEN:GHSA-G94P-H263-C26Q] Cross Site Request Forgery in Mingsoft MCMS

Severity High

Affected Packages 1

CVEs 1

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.

Package	Affected Version
pkg:maven/net.mingsoft/ms-mcms	<= 5.2.7

ID: MAVEN:GHSA-G94P-H263-C26Q
Severity: high
URL: https://github.com/advisories/GHSA-g94p-h263-c26q
Published: 2022-04-23T00:03:01
(2 years ago)
Modified: 2023-01-27T05:01:52
(20 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2022-27340
			https://github.com/UDKI11/vul/blob/main/Mcms%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0.docx
			https://github.com/ming-soft/MCMS
			https://github.com/advisories/GHSA-g94p-h263-c26q

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/net.mingsoft/ms-mcms	net.mingsoft	ms-mcms	<= 5.2.7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date