Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MingSoft MCMS 访问控制错误漏洞
Vulnerability Description
MingSoft MCMS是中国铭飞(MingSoft)公司的一个完整开源的 J2ee 系统。 MingSoft MCMS 5.2.5及其之前版本存在访问控制错误漏洞,该漏洞源于net.mingsoft.basic.action.web.EditorAction#editor缺少对于json数据的过滤和配置,攻击者可以利用该漏洞实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A