GSA_kwCzR0hTQS1wOTRxLTlxMm0tcGZoMs0v9Q

Critical EPSS: 0.82815% (0.99183 Percentile) EPSS:

Permalink JSON

SQL injection in net.mingsoft:ms-mcms

Affected Packages	Affected Versions	Fixed Versions
maven:net.mingsoft:ms-mcms	<= 5.2.5	No known fixed version
3 Dependent packages 2 Dependent repositories Affected Version Ranges All affected versions 4.6.5, 4.7.1, 4.7.2, 5.0.0, 5.0.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-23898
https://github.com/ming-soft/MCMS/issues/62
https://github.com/advisories/GHSA-p94q-9q2m-pfh2

Identifiers

GHSA-p94q-9q2m-pfh2

CVE-2022-23898

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.82815

EPSS Percentile: 0.99183

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ming-soft/MCMS

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories