CVE-2021-46062
Published 2022-02-18
CVE-2021-46062: MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
Priority: P4 28 · high 7.1 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:H / A:H
EPSS: 0.76% (50.5th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
CVSS provenance
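| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |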
OSV
MCMS Arbitrary File Deletion vulnerability
osv·2022-02-19
CVE-2021-46062 [HIGH] MCMS Arbitrary File Deletion vulnerability
`net.mingsoft:ms-basic` is used for plugin management for applications built with Maven for the [Mingfei Content Management System (MCMS)](https://gitee.com/mingSoft/MCMS). ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to `/template/writeFileContent` via the `oldFileName` parameter. MCMS before 5.2.11 is also vulnerable since it bundles vulnerable versions of ms-basic.
GHSA
MCMS Arbitrary File Deletion vulnerability
ghsa·2022-02-19
CVE-2021-46062 [HIGH] CWE-22 MCMS Arbitrary File Deletion vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-02-18