File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload.
References
Link | Resource |
---|---|
https://gitee.com/mingSoft/MCMS/issues/I4R0GW | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2022, 19:45
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitee.com/mingSoft/MCMS/issues/I4R0GW - Exploit, Issue Tracking, Third Party Advisory |
21 Oct 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. |
02 Feb 2022, 20:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:* | |
References | (MISC) https://gitee.com/mingSoft/MCMS/issues/I4R0GW - Exploit, Third Party Advisory | |
First Time |
Mingsoft
Mingsoft mcms |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-434 |
26 Jan 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-26 17:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-46386
Mitre link : CVE-2021-46386
CVE.ORG link : CVE-2021-46386
JSON object : View
Products Affected
mingsoft
- mcms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type