Y4Ntsing

**Name of the Vulnerable Software and Affected Versions** ming-soft MCMS version 5.0 **Description** An issue was discovered where a malicious user can exploit SQL injection without logging in through the "/mcms/view.do" API endpoint. **Recommendations** For ming-soft MCMS version 5.0, consider restricting access to the "/mcms/view.do" API endpoint until a patch is available to prevent SQL injection exploitation.