CVE-2023-50578
Published: 2023-12-30
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.
Priority P263 · critical · CVSS 3.1 score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.22% (80.5th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
Detection & IOCs (extracted from sources)
other: categoryType=1&sqlWhere=%5b%7b%22action%22%3a%22and%22%2c%22field%22%3a%22updatexml(1%2cconcat(0x7e%2cmd5({{num}})%2c0x7e)%2c1)%22%2c%22el%22%3a%22eq%22%2c%22model%22%3a%22contentTitle%22%2c%22name%22%3a%22%C3%A6%C2%96%C2%87%C3%A7%C2%AB%20%C3%A6%20%C2%87%C3%A9%C2%A2%C2%98%22%2c%22type%22%3a%22input%22%2c%22value%22%3a%22111%22%7d%5d&pageNo=1&pageSize=10
other: http.favicon.hash:1464851260
other: icon_hash="1464851260"
- Exploit targets POST /cms/content/list.do with a crafted sqlWhere parameter containing an UPDATEXML-based error injection payload; detect POST requests to this endpoint with sqlWhere values containing 'updatexml' or 'concat(0x7e'.
- Successful exploitation returns the MD5 partial hash 'c8c605999f3d8352d7bb792cf3fdb25' (MD5 of 999999999) in the HTTP response body; alert on this string in responses from MCMS endpoints.
- The vulnerable parameter is 'categoryType' at /content/list.do; monitor for unsanitized or anomalous values in this parameter in HTTP POST bodies.
- Use Shodan favicon hash 1464851260 or FOFA icon_hash="1464851260" to identify exposed Mingsoft MCMS instances for proactive scanning.
- Content-Type of the exploit request is application/x-www-form-urlencoded; correlate with POST to /cms/content/list.do for detection.
- The Nuclei template uses a numeric variable (num=999999999) to generate a deterministic MD5 canary value; the response match string 'c8c605999f3d8352d7bb792cf3fdb25' is specific to this probe value and will not match exploitation using different numeric inputs.
- The template is configured for a maximum of 2 requests; detection coverage is limited to the specific UPDATEXML error-based injection path and may not cover blind or time-based SQLi variants.
OSV
osv · 2023-12-30
CVE-2023-50578 [HIGH] Mingsoft MCMS SQL injection
GHSA
ghsa · 2023-12-30
CVE-2023-50578 [HIGH] CWE-89 Mingsoft MCMS SQL injection
No detection rules found.
Nuclei
nuclei · CVSS 9.8
CVE-2023-50578 [CRITICAL] Mingsoft MCMS 5.2.9 - SQL Injection
Mingsoft MCMS v5.2.9 contains a SQL injection caused by unsanitized categoryType parameter at /content/list.do, letting attackers execute arbitrary SQL commands, exploit requires crafted input.
Template:

```yaml
id: CVE-2023-50578

info:
  name: Mingsoft MCMS 5.2.9 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    Mingsoft MCMS v5.2.9 contains a SQL injection caused by unsanitized categoryType parameter at /content/list.do, letting attackers execute arbitrary SQL commands, exploit requires crafted input.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data leakage, modification, or deletion.
  remediation: |
    Update to the latest version of Mingsoft MCMS or apply security patches that sanitize input parameters.
  # ...
```
No writeups or analysis indexed.