Mingsoft Mcms
By the Year
In 2026 there have been 3 vulnerabilities in Mingsoft Mcms with an average score of 6.1 out of ten. Last year, in 2025 Mcms had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 6.10 |
| 2025 | 1 | 0.00 |
| 2024 | 3 | 8.15 |
| 2023 | 5 | 8.66 |
| 2022 | 30 | 9.14 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 0.00 |
It may take a day or so for new Mcms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Mingsoft Mcms Security Vulnerabilities
SQLi in mingSoft MCMS 5.5.0 Web Content List Endpoint
CVE-2026-4954
6.3 - Medium
- March 27, 2026
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
SQL Injection
SSRF in mingSoft MCMS 5.5.0 Editor endpoint catchImage
CVE-2026-4953
7.3 - High
- March 27, 2026
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
SSRF
mingSoft MCMS 6.1.1 Unrestricted File Upload in Template Archive Handler (uploadTemplate.do)
CVE-2026-2666
4.7 - Medium
- February 18, 2026
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
Unrestricted File Upload
CVE-2025-29287 MCMS v5.4.3 ueditor Arbitrary File Upload Vulnerability
CVE-2025-29287
- April 21, 2025
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
MCMS v5.4.1 Frontend File Upload RCE in MCMS
CVE-2024-42991
- September 03, 2024
MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.
Arbitrary File Upload via /ms/file/upload.do in MCMS 5.3.5
CVE-2024-22567
8.8 - High
- February 05, 2024
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.
Unrestricted File Upload
Remote Info Leak via Crafted Script in mingSoft MCMS 5.2.4 (password param)
CVE-2023-51282
7.5 - High
- January 16, 2024
An issue in mingSoft MCMS v.5.2.4 allows a remote attacker to obtain sensitive information via a crafted script to the password parameter.
Code Injection
SQL Injection in Mingsoft MCMS 5.2.9 via categoryType in /content/list.do
CVE-2023-50578
9.8 - Critical
- December 30, 2023
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
SQL Injection
Mingsoft MCMS <=5.3.1 XSS via style param in search.do (HTTP POST)
CVE-2023-3990
6.1 - Medium
- July 28, 2023
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.
XSS
MCMS 5.0 File Upload via Thumbnail Enables Remote Code Exec
CVE-2020-22755
8.8 - High
- May 08, 2023
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
Unrestricted File Upload
Ming-Soft MCMS v4.7.2 SQLi via basic_title Allows RCE
CVE-2020-20913
9.8 - Critical
- April 04, 2023
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
SQL Injection
MCMS <=5.2.10 arbitrary file write via ms/template/writeFileContent.do
CVE-2022-47042
8.8 - High
- January 26, 2023
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
Unrestricted File Upload
XSS in Article Handler of Mingsoft MCMS 5.2.9 (before 5.3)
CVE-2022-4640
5.4 - Medium
- December 21, 2022
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.
XSS
Mingsoft MCMS <=5.2.9 SQLi via sqlWhere (remote)
CVE-2022-4375
9.8 - Critical
- December 09, 2022
A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.
SQL Injection
XSS in Mingsoft MCMS 5.2.8 search.do (content_title)
CVE-2022-4350
6.1 - Medium
- December 08, 2022
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.
XSS
SQLi in Mingsoft MCMS 5.2.8 /mdiy/page/verify via fieldName
CVE-2022-36272
9.8 - Critical
- August 16, 2022
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
SQL Injection
SQLi in Mingsoft MCMS 5.2.8 /mdiy/model/delete (Models Lists)
CVE-2022-36599
9.8 - Critical
- August 16, 2022
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
SQL Injection
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-31943
9.8 - Critical
- July 01, 2022
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
Unrestricted File Upload
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7
CVE-2022-30506
9.8 - Critical
- June 02, 2022
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
Unrestricted File Upload
An issue was discovered in MCMS 5.2.7
CVE-2022-29647
8.8 - High
- June 02, 2022
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
Session Riding
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI
CVE-2022-30048
9.8 - Critical
- May 11, 2022
Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.
SQL Injection
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI
CVE-2022-30047
9.8 - Critical
- May 11, 2022
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.
SQL Injection
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
CVE-2022-27466
9.8 - Critical
- May 02, 2022
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.
SQL Injection
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do
CVE-2022-27340
8.8 - High
- April 22, 2022
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
Session Riding
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability
CVE-2022-26585
9.8 - Critical
- April 05, 2022
Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.
SQL Injection
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE
CVE-2021-46384
9.8 - Critical
- March 04, 2022
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
Missing Authentication for Critical Function
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability
CVE-2022-23898
9.8 - Critical
- March 03, 2022
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
SQL Injection
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability
CVE-2022-23899
9.8 - Critical
- March 03, 2022
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
SQL Injection
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability
CVE-2022-25125
9.8 - Critical
- March 03, 2022
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
SQL Injection
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability
CVE-2021-46063
9.1 - Critical
- February 18, 2022
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module.
Code Injection
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability
CVE-2021-46062
7.1 - High
- February 18, 2022
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability
CVE-2021-46037
8.1 - High
- February 18, 2022
MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4
CVE-2021-46036
9.8 - Critical
- February 18, 2022
An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.
Unrestricted File Upload
A problem was found in ming-soft MCMS v5.1
CVE-2021-44868
9.8 - Critical
- February 17, 2022
A problem was found in ming-soft MCMS v5.1. There is a SQL injection vulnerability in /ms/cms/content/list.do.
SQL Injection
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection
CVE-2021-46385
7.5 - High
- January 26, 2022
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database.
SQL Injection
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection
CVE-2021-46383
7.5 - High
- January 26, 2022
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database.
SQL Injection
File upload vulnerability in mingSoft MCMS through 5.2.5
CVE-2021-46386
9.8 - Critical
- January 26, 2022
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
Unrestricted File Upload
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which
CVE-2022-22929
9.8 - Critical
- January 21, 2022
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
Unrestricted File Upload
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4
CVE-2022-22930
9.8 - Critical
- January 21, 2022
A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability
CVE-2022-23314
9.8 - Critical
- January 21, 2022
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.
SQL Injection
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability
CVE-2022-23315
9.8 - Critical
- January 21, 2022
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.
Unrestricted File Upload
MCMS v5.2.4 was discovered to have a hardcoded shiro-key
CVE-2022-22928
9.8 - Critical
- January 21, 2022
MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.
Use of Hard-coded Credentials
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5
CVE-2018-18830
- October 30, 2018
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5
CVE-2018-18831
- October 30, 2018
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.