CVE-2025-29287

Critical CVSS: 9.8

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

Vendor

Mingsoft

Product

Mcms

CWE

CWE-434

Yayın Tarihi

2025-04-21 15:15:59

Güncelleme

2025-04-24 16:37:54

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Mcms CRITICAL Mingsoft 2025

Referanslar

http://cms.com https://gist.github.com/erdan111/38dcb5150b523436fe01249b2542f02f#file-cve-2025-29287 https://gitee.com/mingSoft/MCMS/issues/IBOOTX https://gitee.com/mingSoft/MCMS/issues/IBOOTX

Benzer Kayıtlar

Medium

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTem…

Medium

CVE-2025-60837

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in…

Critical

CVE-2025-56316

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remo…

Medium

CVE-2025-60838

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted…