| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
VCID-89ww-4py3-skdf |
| vulnerability_id |
VCID-89ww-4py3-skdf |
| summary |
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://gitee.com/mingSoft/MCMS/issues/I8MAJK |
| reference_id |
I8MAJK |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-03-05T15:58:23Z/ |
|
|
| url |
https://gitee.com/mingSoft/MCMS/issues/I8MAJK |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-50578, GHSA-3vvh-8c65-32j4
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-89ww-4py3-skdf |
|
| 4 |
|
| 5 |
| url |
VCID-9ut2-sk5y-r7gg |
| vulnerability_id |
VCID-9ut2-sk5y-r7gg |
| summary |
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-29287 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00155 |
| scoring_system |
epss |
| scoring_elements |
0.36181 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00155 |
| scoring_system |
epss |
| scoring_elements |
0.36002 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00155 |
| scoring_system |
epss |
| scoring_elements |
0.36193 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00155 |
| scoring_system |
epss |
| scoring_elements |
0.36204 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-29287 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://cms.com |
| reference_id |
cms.com |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-21T14:58:12Z/ |
|
|
| url |
http://cms.com |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-29287, GHSA-3922-2r6r-r4fv
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9ut2-sk5y-r7gg |
|
| 6 |
|
| 7 |
| url |
VCID-db9p-8dg3-tygr |
| vulnerability_id |
VCID-db9p-8dg3-tygr |
| summary |
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-4350 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40333 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40512 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40523 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00187 |
| scoring_system |
epss |
| scoring_elements |
0.40501 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-4350 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://vuldb.com/?id.215112 |
| reference_id |
?id.215112 |
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:55:17Z/ |
|
|
| url |
https://vuldb.com/?id.215112 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-4350, GHSA-p46c-m4j7-mjvq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-db9p-8dg3-tygr |
|
| 8 |
| url |
VCID-ffd6-2jck-mqb5 |
| vulnerability_id |
VCID-ffd6-2jck-mqb5 |
| summary |
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-4640 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3902 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39209 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39216 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39192 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-4640 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://gitee.com/mingSoft/MCMS/issues/I65KI5 |
| reference_id |
I65KI5 |
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T18:53:09Z/ |
|
|
| url |
https://gitee.com/mingSoft/MCMS/issues/I65KI5 |
|
| 4 |
| reference_url |
https://vuldb.com/?id.216499 |
| reference_id |
?id.216499 |
| reference_type |
|
| scores |
| 0 |
| value |
3.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-09T18:53:09Z/ |
|
|
| url |
https://vuldb.com/?id.216499 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-4640, GHSA-6rvv-h8g7-728w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffd6-2jck-mqb5 |
|
| 9 |
| url |
VCID-mrxa-fwdh-yyfm |
| vulnerability_id |
VCID-mrxa-fwdh-yyfm |
| summary |
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-60837 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07272 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07237 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.07279 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00024 |
| scoring_system |
epss |
| scoring_elements |
0.0727 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-60837 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://gitee.com/mingSoft/MCMS |
| reference_id |
MCMS |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:34:02Z/ |
|
|
| url |
https://gitee.com/mingSoft/MCMS |
|
| 5 |
| reference_url |
http://mcms.com |
| reference_id |
mcms.com |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T20:34:02Z/ |
|
|
| url |
http://mcms.com |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-60837, GHSA-wvv5-5g6x-hp7j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mrxa-fwdh-yyfm |
|
| 10 |
| url |
VCID-py7n-se1p-zqde |
| vulnerability_id |
VCID-py7n-se1p-zqde |
| summary |
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-2666 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04725 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04704 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04711 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04726 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-2666 |
|
| 1 |
| reference_url |
https://github.com/chujianxin0101/vuln/issues/11 |
| reference_id |
11 |
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
|
| 1 |
| value |
4.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 2 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 3 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 4 |
| value |
2.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 5 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 6 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 7 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T20:35:24Z/ |
|
|
| url |
https://github.com/chujianxin0101/vuln/issues/11 |
|
| 2 |
| reference_url |
https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613 |
| reference_id |
11#issue-3905144613 |
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
|
| 1 |
| value |
4.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 2 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 3 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T20:35:24Z/ |
|
|
| url |
https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613 |
|
| 3 |
|
| 4 |
| reference_url |
https://vuldb.com/?ctiid.346463 |
| reference_id |
?ctiid.346463 |
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
|
| 1 |
| value |
4.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 2 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 3 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 4 |
| value |
2.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 5 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 6 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 7 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T20:35:24Z/ |
|
|
| url |
https://vuldb.com/?ctiid.346463 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://vuldb.com/?id.346463 |
| reference_id |
?id.346463 |
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
|
| 1 |
| value |
4.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 2 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 3 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 4 |
| value |
2.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 5 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 6 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 7 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T20:35:24Z/ |
|
|
| url |
https://vuldb.com/?id.346463 |
|
| 8 |
| reference_url |
https://vuldb.com/?submit.753243 |
| reference_id |
?submit.753243 |
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
|
| 1 |
| value |
4.7 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 2 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
|
| 3 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 4 |
| value |
2.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 5 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
|
| 6 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 7 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-18T20:35:24Z/ |
|
|
| url |
https://vuldb.com/?submit.753243 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-2666, GHSA-r9wp-qq53-qvjx
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-py7n-se1p-zqde |
|
| 11 |
| url |
VCID-u2js-ny6g-fug2 |
| vulnerability_id |
VCID-u2js-ny6g-fug2 |
| summary |
A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-4375 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.26228 |
| scoring_system |
epss |
| scoring_elements |
0.96421 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.26228 |
| scoring_system |
epss |
| scoring_elements |
0.96432 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.26228 |
| scoring_system |
epss |
| scoring_elements |
0.96434 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.26228 |
| scoring_system |
epss |
| scoring_elements |
0.96431 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-4375 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://gitee.com/mingSoft/MCMS/issues/I61TG5 |
| reference_id |
I61TG5 |
| reference_type |
|
| scores |
| 0 |
| value |
6.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:55:11Z/ |
|
|
| url |
https://gitee.com/mingSoft/MCMS/issues/I61TG5 |
|
| 4 |
| reference_url |
https://vuldb.com/?id.215196 |
| reference_id |
?id.215196 |
| reference_type |
|
| scores |
| 0 |
| value |
6.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:55:11Z/ |
|
|
| url |
https://vuldb.com/?id.215196 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-4375, GHSA-hc5g-xf64-j49j
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u2js-ny6g-fug2 |
|
| 12 |
|
| 13 |
|