CVE-2018-18831

HIGH

Mingsoft Mcms - Path Traversal

Title source: rule

Description

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.

Exploits (1)

gitee 32,018 stars

by mingSoft · javawriteup

https://gitee.com/mingSoft/MCMS/issues/IO0K0

View on gitee

References (1)

[Third Party Advisory] https://gitee.com/mingSoft/MCMS/issues/IO0K0

Scores

CVSS v3 7.5

EPSS 0.0046

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-22

Status published

Affected Products (2)

mingsoft/mcms

net.mingsoft/ms-mcms Maven

Timeline

Published Oct 30, 2018

Tracked Since Feb 18, 2026