CVE-2025-56316

Name of the Vulnerable Software and Affected Versions MCMS version 5.5.0

Description A SQL injection issue exists in MCMS. The issue is due to unsanitized input within the FreeMarker template rendering, specifically affecting the content title parameter of the /cms/content/list API endpoint. This allows remote attackers to execute arbitrary SQL queries.

API Endpoints: /cms/content/list Vulnerable Parameters or Variables: content title

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /cms/content/list API endpoint.