CVE-2026-4954 PUBLISHED

mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

Assigner: VulDB
Reserved: 27.03.2026 Published: 27.03.2026 Updated: 27.03.2026

A security vulnerability has been detected in mingSoft MCMS 迄 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Product Status

Vendor mingSoft
Product MCMS
Versions
  • Version 5.0 is affected
  • Version 5.1 is affected
  • Version 5.2 is affected
  • Version 5.3 is affected
  • Version 5.4 is affected
  • Version 5.5.0 is affected

Credits

  • Winegee (VulDB User) reporter

References

Problem Types

  • SQL Injection CWE
  • Injection CWE