GSA_kwCzR0hTQS1oeDhwLTltNDgtZzc2cs4AAyiO

Critical EPSS: 0.03613% (0.86689 Percentile) EPSS:

Permalink JSON

Ming-Soft MCMS vulnerable to SQL injection

Affected Packages	Affected Versions	Fixed Versions
maven:net.mingsoft:ms-mcms	< 5.1	5.1
3 Dependent packages 2 Dependent repositories Affected Version Ranges All affected versions 4.6.5, 4.7.1, 4.7.2, 5.0.0, 5.0.1 All unaffected versions 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5.0, 6.0.0, 6.0.1

SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. This issue is resolved in v5.1.

References:

Identifiers

GHSA-hx8p-9m48-g76r

CVE-2020-20913

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.03613

EPSS Percentile: 0.86689

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ming-soft/MCMS

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories