wuweiit/mushroom on GitHub
MRCMS is a Java-based dynamic content management system
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2024-25428 | N/A | N/A | |
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
CVE-2018-17796 | 9.8 CRITICAL | 7.5 HIGH | |
An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.