Lz2Y&R2

**Name of the Vulnerable Software and Affected Versions** mingSoft MCMS version 5.2.4 **Description** An issue in mingSoft MCMS allows a remote attacker to obtain sensitive information via a crafted script to the `password` parameter. **Recommendations** For mingSoft MCMS version 5.2.4, consider restricting access to the `password` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS versions 5.2.5 and earlier **Description** The issue allows an unauthenticated attacker with network access via http to compromise MCMS, resulting in the takeover of MCMS. The attack vector is: `${"freemarker.template.utility.Execute"?new()("calc")}`. This is a pre-auth RCE vulnerability that enables the execution of arbitrary code remotely. **Recommendations** For MCMS versions 5.2.5 and earlier, as a temporary workaround, consider restricting access to the `Execute` function in the freemarker template utility to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mingsoft MCMS versions <=5.2.5 **Description** The issue is related to a SQL injection vulnerability, which allows an attacker to obtain sensitive information from the database remotely. The component affected is `net.mingsoft.mdiy.action.web.DictAction#list`, and the attack vector involves using '0 or sleep(3)'. **Recommendations** For Mingsoft MCMS versions <=5.2.5, as a temporary workaround, consider disabling the `net.mingsoft.mdiy.action.web.DictAction#list` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mingsoft MCMS versions 5.2.5 and earlier **Description** The issue allows an attacker to obtain sensitive information from the database through a SQL injection vulnerability. The component `net.mingsoft.mdiy.action.FormDataAction#queryData` is affected, and the attack vector involves using `0 or sleep(3)`. This vulnerability can be exploited remotely. **Recommendations** For versions 5.2.5 and earlier, as a temporary workaround, consider restricting access to the `/querydata` endpoint until a patch is available. Additionally, avoid using the `queryData` function in the `net.mingsoft.mdiy.action.FormDataAction` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** The issue allows attackers to execute arbitrary code via a crafted ZIP file, exploiting an arbitrary file upload vulnerability in the New Template module. **Recommendations** For MCMS version 5.2.4, consider disabling the New Template module until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to the module to minimize the risk of arbitrary code execution. Avoid using the module with untrusted ZIP files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** A remote code execution issue in the Template Management function allows attackers to execute arbitrary code via a crafted payload. **Recommendations** For MCMS version 5.2.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** A SQL injection issue was discovered in MCMS. The issue is related to the `/ms/mdiy/model/importJson.do` API endpoint. **Recommendations** For MCMS version 5.2.4, as a temporary workaround, consider restricting access to the `/ms/mdiy/model/importJson.do` API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** The issue is related to an arbitrary file upload vulnerability. This vulnerability can be exploited via the `/ms/template/writeFileContent.do` API endpoint. **Recommendations** For MCMS version 5.2.4, consider restricting access to the `/ms/template/writeFileContent.do` API endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using this endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.4 **Description** The issue allows attackers to exploit a hardcoded `shiro-key` and execute arbitrary code. **Recommendations** For MCMS version 5.2.4, consider removing or updating the hardcoded `shiro-key` to prevent exploitation. As a temporary workaround, restrict access to sensitive areas of the system that utilize the `shiro-key` until a more permanent solution is available.