CVE-2022-4375 PoC — Mingsoft MCMS SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-4375.yaml

Associated Vulnerability

Title:Mingsoft MCMS SQL注入漏洞 (CVE-2022-4375)
Description:MingSoft MCMS是中国铭飞（MingSoft）公司的一个完整开源的 J2ee 系统。 MingSoft MCMS 5.2.9之前版本存在SQL注入漏洞，该漏洞源于对参数sqlWhere的错误操作导致sql注入。

Description

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list.

File Snapshot


 id: CVE-2022-4375

info:
  name: Mingsoft MCMS - SQL Injection
  author: ritikchaddha
  severity: cr

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!