CVE-2025-56316

Critical CVSS: 9.8

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.

Vendor

Mingsoft

Product

Mcms

CWE

CWE-89

Yayın Tarihi

2025-10-17 19:15:37

Güncelleme

2025-10-28 16:44:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Mcms CRITICAL Mingsoft 2025

Referanslar

https://gist.github.com/Erosion2020/5892757e0c6eeb647a218d1c3b323cff https://github.com/ming-soft/MCMS

Benzer Kayıtlar

Medium

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTem…

Medium

CVE-2025-60837

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in…

Medium

CVE-2025-60838

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted…

Critical

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary cod…