Описание
Mingsoft MCMS vulnerable to Remote Code Execution via file upload.
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileAction#upload, resulting in remote code execution. It is unclear if this issue has been patched.
Пакеты
Наименование
net.mingsoft:ms-mcms
maven
Затронутые версииВерсия исправления
<= 5.2.5
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
около 4 лет назад
File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.