← volver
CVE-2026-4954

mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74CWE-89
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
mingSoft · MCMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/wing3e/public_exp/issues/4https://vuldb.com/?ctiid.353832https://vuldb.com/?id.353832https://vuldb.com/?submit.777533