← voltar
CVE-2026-4954

mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74CWE-89
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
mingSoft · MCMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/wing3e/public_exp/issues/4https://vuldb.com/?ctiid.353832https://vuldb.com/?id.353832https://vuldb.com/?submit.777533