CVE-2021-46384

CRITICAL

MCMS <=5.2.5 - RCE

Description

https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}.

MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.

Exploits (1)

gitee 32,018 stars
by mingSoft · javawriteup
https://gitee.com/mingSoft/MCMS/issues/I4QZ1O

Scores

CVSS v3 9.8
EPSS 0.1226
EPSS Percentile 93.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-306
Status published

Affected Products (2)

mingsoft/mcms < 5.2.5
net.mingsoft/ms-mcms < 5.2.6 (Maven)

Timeline

Published Mar 04, 2022
Tracked Since Feb 18, 2026