
辛夷

#13741 of 53,635
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2022-19983
9.8
2022-05-11
Mingsoft · Mingsoft Mcms · CVE-2022-30047
**Name of the Vulnerable Software and Affected Versions**

Mingsoft MCMS version 5.2.7

**Description**

A SQL injection issue was found in the /mdiy/dict/listExcludeApp URI via the `orderBy` parameter. This allows for potential exploitation.

**Recommendations**

For Mingsoft MCMS version 5.2.7, avoid using the `orderBy` parameter in the /mdiy/dict/listExcludeApp URI until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-19984
9.8
2022-05-11
Mingsoft · Mingsoft Mcms · CVE-2022-30048
**Name of the Vulnerable Software and Affected Versions**

Mingsoft MCMS version 5.2.7

**Description**

A SQL injection issue was found in the /mdiy/dict/list URI via the `orderBy` parameter. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

**Recommendations**

For Mingsoft MCMS version 5.2.7, consider restricting access to the /mdiy/dict/list URI or avoiding the use of the `orderBy` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.