Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03N2hoLXA3cjYtNjZwds0l6g
Arbitrary File Upload in Mingsoft MCMS
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
Permalink: https://github.com/advisories/GHSA-77hh-p7r6-66pvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03N2hoLXA3cjYtNjZwds0l6g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-77hh-p7r6-66pv, CVE-2022-22929
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-22929
- https://web.archive.org/web/20230521040336/https://gitee.com/mingSoft/MCMS/issues/I4Q4NV
- https://github.com/advisories/GHSA-77hh-p7r6-66pv
Affected Packages
maven:net.mingsoft:ms-mcms
Dependent packages: 3Dependent repositories: 2
Downloads:
Affected Version Ranges: <= 5.2.4
No known fixed version
All affected versions: 4.6.5, 4.7.1, 4.7.2, 5.0.0, 5.0.1, 5.2.1, 5.2.2, 5.2.3, 5.2.4