CNNVD-202510-2419 Information

CNNVD ID

CNNVD-202510-2419

Related CVE

CVE-2025-56316

• CNNVD Published: 2025-10-17

Description (Chinese)

MingSoft MCMS是中国铭飞（MingSoft）公司的一个完整开源的 J2ee 系统。 MingSoft MCMS 5.5.0版本存在安全漏洞，该漏洞源于FreeMarker模板渲染时未清理content_title参数输入，可能导致SQL注入攻击。

Description (English)

MingSoft MCMS is a complete open-source J2ee system for MinSoft. MingSoft MMCMS version 5.5.0 contains a security loophole, which originates from uncleaned input of content title parameters when the FreeMarter template is rendered, which could lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

铭飞

Published

2025-10-17

Last Modified

2026-02-24

References

https://gist.github.com/Erosion2020/5892757e0c6eeb647a218d1c3b323cff https://github.com/ming-soft/MCMS https://access.redhat.com/security/cve/cve-2025-56316