Mingsoft Mcms vulnerabilities

49 known vulnerabilities affecting mingsoft/mcms.

Total CVEs: 49
CISA KEV: 0
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 28, HIGH 15, MEDIUM 6

Vulnerabilities

Page 3 of 3
CVE-2025-60838 | P3 | MEDIUM | CVSS 6.5 | ≤ 6.0.1 | 2025-10-10
CWE-77: An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
nvd
CVE-2022-29647 | P3 | HIGH | CVSS 8.8 | v5.2.7 | 2022-06-02
CWE-352: An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
nvd
CVE-2023-51282 | P3 | HIGH | CVSS 7.5 | v5.2.4 | 2024-01-16
CWE-94: An issue in mingSoft MCMS v.5.2.4 allows a remote attacker to obtain sensitive information via a crafted script to the password parameter.
nvd
CVE-2022-27340 | P3 | HIGH | CVSS 8.8 | v5.2.7 | 2022-04-22
CWE-352: MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
nvd
CVE-2018-17366 | P3 | HIGH | CVSS 8.8 | v4.6.5 | 2018-09-23
CWE-352: An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
nvd
CVE-2022-4350 | P4 | MEDIUM | CVSS 6.1 | v5.2.8 | 2022-12-08
CWE-707: A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vu
nvd
CVE-2021-46062 | P4 | HIGH | CVSS 7.1 | v5.2.5 | 2022-02-18
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.
nvd
CVE-2022-4640 | P4 | MEDIUM | CVSS 5.4 | v5.2.9 | 2022-12-21
CWE-707: A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the af
nvd
CVE-2025-60837 | P4 | MEDIUM | CVSS 6.1 | ≤ 6.0.1 | 2025-10-23
CWE-79: A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.
nvd