Описание
Mingsoft MCMS SQL injection vulnerability
Mingsoft MCMS contains a SQL injection vulnerability relating to the component net.mingsoft.mdiy.action.web.DictAction#list.
Пакеты
Наименование
net.mingsoft:ms-mcms
maven
Затронутые версииВерсия исправления
<= 5.2.5
5.2.6
Связанные уязвимости
CVSS3: 7.5
nvd
около 4 лет назад
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.