{ "Name": "MCMS 5.2.4 categoryId sqli", "Description": "
Mingfei MCms is a complete open source content management system.
The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.
", "Product": "MCMS", "Homepage": "https://gitee.com/mingSoft/MCMS", "DisclosureDate": "2022-01-04", "Author": "1291904552@qq.com", "FofaQuery": "body=\"ms/1.0.0/ms.js\" || body=\"铭飞MCMS\"", "GobyQuery": "body=\"ms/1.0.0/ms.js\" || body=\"铭飞MCMS\"", "Level": "2", "Impact": "The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.
", "Recommendation": "The vendor has released a bug fix, please pay attention to the update in time: https://gitee.com/mingSoft/MCMS
1. Set access policies and whitelist access through security devices such as firewalls.
2. If not necessary, prohibit public network access to the system.
", "Translation": { "CN": { "Name": "铭飞MCms 5.2.4版本 categoryId 参数 存在SQL 注入漏洞", "VulType": ["SQL注入"], "Tags": ["SQL注入"], "Description": "铭飞MCms 是一款完整开源的内容管理系统。
铭飞MCms 5.2.4版本 categoryId 参数存在SQL注入漏洞,攻击者可利用漏洞获取敏感信息,进一步控制服务器。
", "Impact": "铭飞MCms 5.2.4版本 categoryId 参数存在SQL注入漏洞,攻击者可利用漏洞获取敏感信息,进一步控制服务器。
", "Product": "MCMS", "Recommendation": "厂商已发布了漏洞修复程序,请及时关注更新:https://gitee.com/mingSoft/MCMS
1、通过防火墙等安全设备设置访问策略,设置白名单访问。
2、如非必要,禁止公网访问该系统。
" }, "EN": { "Name": "MCMS 5.2.4 categoryId sqli", "VulType": ["sqli"], "Tags": ["sqli"], "Description": "Mingfei MCms is a complete open source content management system.
The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.
", "Impact": "The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.
", "Product": "MCMS", "Recommendation": "The vendor has released a bug fix, please pay attention to the update in time: https://gitee.com/mingSoft/MCMS
1. Set access policies and whitelist access through security devices such as firewalls.
2. If not necessary, prohibit public network access to the system.
" } }, "References": [ "https://forum.butian.net/share/998" ], "HasExp": true, "ExpParams": [ { "name": "sqlQuery", "type": "input", "value": "user()" } ], "ExpTips": null, "ScanSteps": null, "Tags": [ "sqli" ], "VulType": [ "sqli" ], "CVEIDs": [ "" ], "CVSSScore": "8.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null }, "CNNVD": [ "" ], "CNVD": [ "" ] }