CVE-2026-7578

MEDIUM

MacCMS Pro Plugin Installation add.html install unrestricted upload

Title source: cna

Description

A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/360419

[Signature, Permissions Required] https://vuldb.com/vuln/360419/cti

[Third Party Advisory] https://vuldb.com/submit/792283

[Exploit] https://github.com/qingyun985/Cyber-Security/issues/1

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 9.5%

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284 CWE-434

Status published

Products (4)

None/MacCMS Pro 2022.1.0

None/MacCMS Pro 2022.1.1

None/MacCMS Pro 2022.1.2

None/MacCMS Pro 2022.1.3

Published May 01, 2026

Tracked Since May 01, 2026