Mingsoft MCMS SQL injection · CVE-2023-50578 · GitHub Advisory Database · GitHub

Mingsoft MCMS SQL injection

High severity GitHub Reviewed Published Dec 30, 2023 to the GitHub Advisory Database • Updated Jan 8, 2024

Package

net.mingsoft:ms-mcms (Maven)

Affected versions

<= 5.2.9

Patched versions

None

Description

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.

References

Published by the National Vulnerability Database

Dec 30, 2023

Published to the GitHub Advisory Database Dec 30, 2023

Reviewed Jan 3, 2024

Last updated Jan 8, 2024

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H