CVE-2025-56316
Published 2025-10-17
CVE-2025-56316: A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL…
Priority P358, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% (43.3th percentile)
A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
| mingsoft | mcms | — | — |
GHSA
MCMS vulnerable SQL injection via the content_title parameter
ghsa·2025-10-17
CVE-2025-56316 [CRITICAL] CWE-89 MCMS vulnerable SQL injection via the content_title parameter
A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.
OSV
MCMS vulnerable SQL injection via the content_title parameter
osv·2025-10-17
CVE-2025-56316 [CRITICAL] MCMS vulnerable SQL injection via the content_title parameter
A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 through 6.0.1 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-10-17