Search Results | AttackerKB

Show filters

Topics 9 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

9 Total Results

Displaying 1-9 of 9

Attacker Value

Unknown

CVE-2023-51282

Disclosure Date: January 16, 2024 (last updated January 24, 2024)

An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-25125

Disclosure Date: March 03, 2022 (last updated February 23, 2025)

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2021-46037

Disclosure Date: February 18, 2022 (last updated October 07, 2023)

MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2021-46036

Disclosure Date: February 18, 2022 (last updated February 23, 2025)

An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-23315

Disclosure Date: January 21, 2022 (last updated February 23, 2025)

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-23314

Disclosure Date: January 21, 2022 (last updated February 23, 2025)

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-22930

Disclosure Date: January 21, 2022 (last updated October 07, 2023)

A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-22929

Disclosure Date: January 21, 2022 (last updated February 23, 2025)

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-22928

Disclosure Date: January 21, 2022 (last updated February 23, 2025)

MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.

Attack Vector: Network Privileges: None User Interaction: None

0