CVE-2021-46383

Name of the Vulnerable Software and Affected Versions Mingsoft MCMS versions <=5.2.5

Description The issue is related to a SQL injection vulnerability, which allows an attacker to obtain sensitive information from the database remotely. The component affected is net.mingsoft.mdiy.action.web.DictAction#list, and the attack vector involves using '0 or sleep(3)'.

Recommendations For Mingsoft MCMS versions <=5.2.5, as a temporary workaround, consider disabling the net.mingsoft.mdiy.action.web.DictAction#list component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.