mingSoft MCMS 5.2.7 listExcludeApp orderBy sql injection

A vulnerability was found in mingSoft MCMS 5.2.7. It has been declared as critical. This vulnerability affects some unknown functionality of the file /mdiy/dict/listExcludeApp. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field05/12/2022 10:24 AM05/14/2022 10:39 AM
vendormingSoftmingSoft
nameMCMSMCMS
version5.2.75.2.7
file/mdiy/dict/listExcludeApp/mdiy/dict/listExcludeApp
argumentorderByorderBy
cwe89 (sql injection)89 (sql injection)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rcCC
urlhttps://gitee.com/mingSoft/MCMS/issues/I54VLMhttps://gitee.com/mingSoft/MCMS/issues/I54VLM
cveCVE-2022-30047CVE-2022-30047
cve_assigned16514424001651442400
date1652306400 (05/12/2022)1652306400 (05/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore6.56.5
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.36.3
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore6.36.3
price_0day$0-$5k$0-$5k
cve_nvd_summaryMingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.

Do you want to use VulDB in your project?

Use the official API to access entries easily!