CVE-2026-4954 | mingSoft MCMS up to 5.5.0 Web Content List Endpoint ContentAction.java list sql injection

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability identified as critical has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection.

This vulnerability is documented as CVE-2026-4954. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-4954 | mingSoft MCMS up to 5.5.0 Web Content List Endpoint ContentAction.java list sql injection

Post correlati

CVE-2024-35153 | IBM WebSphere Application Server 8.5/9.0 Web UI cross site scripting (XFDB-292640)

CVE-2024-43883 | Linux Kernel up to 6.10.4 vhci-hcd resource consumption (ZDI-CAN-22273)

CVE-2024-22343 | IBM TXSeries for Multiplatforms 8.2 unknown vulnerability (XFDB-280190)

CVE-2025-10147 | Eric Teubert Podlove Podcast Publisher Plugin up to 4.2.6 on WordPress move_as_original_file unrestricted upload