Search for packages
| purl | pkg:maven/net.mingsoft/ms-mcms@5.2.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-95jw-5bg2-p7au
Aliases: CVE-2023-51282 GHSA-h57w-vh34-f8cw |
Improper Control of Generation of Code ('Code Injection') An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. | There are no reported fixed by versions. |
|
VCID-abmw-q12r-uyd5
Aliases: CVE-2021-46037 GHSA-73wx-rpj3-mx46 |
Path traversal in MCMS MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | There are no reported fixed by versions. |
|
VCID-fcqr-jfzk-4qb2
Aliases: CVE-2021-46036 GHSA-g8j8-mgh9-q77p |
Unrestricted Upload of File with Dangerous Type An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | There are no reported fixed by versions. |
|
VCID-jyhb-47uq-ukcj
Aliases: CVE-2022-23315 GHSA-fr5w-98mc-jjvg |
Unrestricted Upload of File with Dangerous Type MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. | There are no reported fixed by versions. |
|
VCID-kvzt-n4wd-n7f1
Aliases: CVE-2022-22929 GHSA-77hh-p7r6-66pv |
Unrestricted Upload of File with Dangerous Type MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||