CVE-2026-4954

MEDIUM 6.3

mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CWE	CWE-89 CWE-74
Vendor	mingsoft
Product	mcms
Published	Mar 27, 2026
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for mingsoft mcms

Be the first to know when new medium vulnerabilities affecting mingsoft mcms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

mingSoft / MCMS

5.0 5.1 5.2 5.3 5.4 5.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.353832 vuldb.com: https://vuldb.com/?ctiid.353832 vuldb.com: https://vuldb.com/?submit.777533 github.com: https://github.com/wing3e/public_exp/issues/4

Credits

🔍 Winegee (VulDB User)