Описание
MCMS Arbitrary File Deletion vulnerability
net.mingsoft:ms-basic is used for plugin management for applications built with Maven for the Mingfei Content Management System (MCMS). ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to /template/writeFileContent via the oldFileName parameter. MCMS before 5.2.11 is also vulnerable since it bundles vulnerable versions of ms-basic.
Пакеты
Наименование
net.mingsoft:ms-basic
maven
Затронутые версииВерсия исправления
< 2.1.16
2.1.16
Наименование
net.mingsoft:ms-mcms
maven
Затронутые версииВерсия исправления
< 5.2.11
5.2.11
Связанные уязвимости
CVSS3: 7.1
nvd
почти 4 года назад
MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName.