Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery
Vulnerability Description
A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
MingSoft MCMS 安全漏洞
Vulnerability Description
MingSoft MCMS是中国MingSoft公司的一个模块化内容管理框架。 mingSoft MCMS 5.5.0及之前版本存在安全漏洞,该漏洞源于对文件net/mingsoft/cms/action/BaseAction.java中参数catchimage的操作不当,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A