CVE-2026-2666

Medium CVSS: 5.1

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.

Vendor

Mingsoft

Product

Mcms

CWE

CWE-284

Yayın Tarihi

2026-02-18 20:18:37

Güncelleme

2026-02-19 18:36:04

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Mcms MEDIUM Mingsoft 2026

Referanslar

https://github.com/chujianxin0101/vuln/issues/11 https://github.com/chujianxin0101/vuln/issues/11#issue-3905144613 https://vuldb.com/?ctiid.346463 https://vuldb.com/?id.346463 https://vuldb.com/?submit.753243

Benzer Kayıtlar

Medium

CVE-2025-60837

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in…

Critical

CVE-2025-56316

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remo…

Medium

CVE-2025-60838

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted…

Critical

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary cod…