wuweiit/mushroom on GitHub
MRCMS 是一款基于Java的动态内容管理系统
CVE History
| CVE | Published | CVSS v2 | CVSS v3 |
|---|---|---|---|
| CVE-2024-25428 | N/A | N/A | |
| SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. | |||
| CVE-2018-17796 | 9.8 CRITICAL | 7.5 HIGH | |
| An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file. | |||