wuweiit/mushroom

wuweiit/mushroom

Releases4

Frequency2 years 9 months

Last Release over 1 year ago

Stars224

MRCMS 是一款基于Java的智能内容管理系统，支持扩展、主题、AI (暂停维护，移步mrcms-v4)

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-29909 ↗	Mar 30, 2026Monday, 30 March 2026, 17:16	5.3 MEDIUM	—
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.
CVE-2024-25428 ↗	Feb 20, 2024Tuesday, 20 February 2024, 22:15	6.5 MEDIUM	—
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.
CVE-2018-17796 ↗	Sep 30, 2018Sunday, 30 September 2018, 20:29	—	7.5 HIGH
An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.