Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mingsoft MCMS list sql injection
Vulnerability Description
A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215196.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对消息或数据结构的处理不恰当
Vulnerability Title
Mingsoft MCMS SQL注入漏洞
Vulnerability Description
MingSoft MCMS是中国铭飞(MingSoft)公司的一个完整开源的 J2ee 系统。 MingSoft MCMS 5.2.9之前版本存在SQL注入漏洞,该漏洞源于对参数sqlWhere的错误操作导致sql注入。
CVSS Information
N/A
Vulnerability Type
N/A