Arbitrary File Upload Affecting net.mingsoft:ms-mcms package, versions [0,]


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.73% (81st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Arbitrary File Upload vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JAVA-NETMINGSOFT-2385690
  • published27 Jan 2022
  • disclosed27 Jan 2022
  • creditlz2y&r2

Introduced: 27 Jan 2022

CVE-2021-46386  (opens in a new tab)
CWE-434  (opens in a new tab)

How to fix?

There is no fixed version for net.mingsoft:ms-mcms.

Overview

Affected versions of this package are vulnerable to Arbitrary File Upload via the upload method. The only files that are restricted for upload are .exe and .jsp. This can lead to RCE when a webshell with a .jspx type, for example, is uploaded this way.

References

CVSS Scores

version 3.1