CVE-2021-46384
published 2022-03-04CVE-2021-46384: https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.08%
79.1th percentile
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | <= 5.2.5 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Remote code execution in net.mingsoft:ms-mcms
ghsa·2022-03-05
CVE-2021-46384 [CRITICAL] CWE-287 Remote code execution in net.mingsoft:ms-mcms
Remote code execution in net.mingsoft:ms-mcms
net.mingsoft:ms-mcms <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
OSV
Remote code execution in net.mingsoft:ms-mcms
osv·2022-03-05
CVE-2021-46384 [CRITICAL] Remote code execution in net.mingsoft:ms-mcms
Remote code execution in net.mingsoft:ms-mcms
net.mingsoft:ms-mcms <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-03-04
Published