Chauncyman

**Name of the Vulnerable Software and Affected Versions** ming-soft MCMS version 5.1 **Description** A problem was found in ming-soft MCMS, which has a sql injection vulnerability in the "/ms/cms/content/list.do" API endpoint. **Recommendations** For ming-soft MCMS version 5.1, consider restricting access to the "/ms/cms/content/list.do" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PublicCMS version 4.0 **Description** The issue is related to a remote code execution (RCE) vulnerability. It can be exploited via the `cmdarray` parameter. **Recommendations** For PublicCMS version 4.0, consider restricting access to the `cmdarray` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.