CVE-2023-5029: mccms 1 sql injection
First published: Sun Sep 17 2023(Updated: )
A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chshcms Mccms | =2.6 | |
| =2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5029?
The severity of CVE-2023-5029 is high with a score of 8.8.
What is the affected software for CVE-2023-5029?
The affected software for CVE-2023-5029 is mccms 2.6.
What is the vulnerability type for CVE-2023-5029?
The vulnerability type for CVE-2023-5029 is SQL injection.
How can I fix CVE-2023-5029?
To fix CVE-2023-5029, it is recommended to update mccms to a version that has the vulnerability patched.
Where can I find more information about CVE-2023-5029?
You can find more information about CVE-2023-5029 on the following references: [Link 1](https://github.com/1541284314/cve/blob/main/README.md), [Link 2](https://vuldb.com/?ctiid.239871), [Link 3](https://vuldb.com/?id.239871).
- collector/nvd-index
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/chshcms
- canonical/chshcms mccms
- version/chshcms mccms/2.6