CVE-2022-22929 – net.mingsoft:ms-mcms

Package

Manager: maven
Name: net.mingsoft:ms-mcms
Vulnerable Version: >=0 <=5.2.4

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02652 pctl0.85202

Details

Arbitrary File Upload in Mingsoft MCMS MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

Metadata

Created: 2022-01-22T00:00:50Z
Modified: 2023-07-08T00:05:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-77hh-p7r6-66pv/GHSA-77hh-p7r6-66pv.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-77hh-p7r6-66pv
Finding: F027
Auto approve: 1