CVE-2021-46062
HIGH7.1EPSS 0.17%MCMS Arbitrary File Deletion vulnerability
發布日:2022/2/19修改日:2024/2/16
描述
`net.mingsoft:ms-basic` is used for plugin management for applications built with Maven for the [Mingfei Content Management System (MCMS)](https://gitee.com/mingSoft/MCMS). ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to `/template/writeFileContent` via the `oldFileName` parameter. MCMS before 5.2.11 is also vulnerable since it bundles vulnerable versions of ms-basic.
受影響套件(2)
- Maven/net.mingsoft:ms-basicfrom 0, < 2.1.16
- Maven/net.mingsoft:ms-mcmsfrom 0, < 5.2.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |