CVE Tools

mingsoft

Web & CMS Pluginscommercial

27

Cumulative CVEs

6

Monthly snapshots

#69

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting mingsoft.

CVE-2026-4954mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection6.3Mar 27, 2026
CVE-2026-4953mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery7.3Mar 27, 2026
CVE-2026-2666mingSoft MCMS Template Archive uploadTemplate.do unrestricted upload4.7Feb 18, 2026
CVE-2025-60837A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.6.1Oct 23, 2025
CVE-2025-56316A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the Fr...9.8Oct 17, 2025
CVE-2025-60838An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.6.5Oct 10, 2025
CVE-2025-29287An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.9.8Apr 21, 2025
CVE-2024-42991MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.8.1Sep 3, 2024
CVE-2024-22567File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.8.8Feb 5, 2024
CVE-2023-51282An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.7.5Jan 16, 2024
CVE-2023-50578Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.9.8Dec 30, 2023
CVE-2023-3990Mingsoft MCMS HTTP POST Request search.do cross site scripting3.5Jul 28, 2023
CVE-2020-22755File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.8.8May 8, 2023
CVE-2020-20913SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.9.8Apr 4, 2023
CVE-2022-47042MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.8.8Jan 24, 2023