CVE-2026-7578
MEDIUMMacCMS Pro Plugin Installation add.html install unrestricted upload
Title source: cnaDescription
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-360419 | MacCMS Pro Plugin Installation add.html install unrestricted upload
https://vuldb.com/vuln/360419
Signature, Permissions Required signature
permissions-required
VDB-360419 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360419/cti
Third Party Advisory third-party-advisory
Submit #792283 | MacCMS MacCMS Pro 2022.1.3 Upload any file
https://vuldb.com/submit/792283
Exploit exploit
issue-tracking
https://github.com/qingyun985/Cyber-Security/issues/1
Scores
CVSS v3
4.7
EPSS
0.0023
EPSS Percentile
13.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
CWE-434
Status
published
Products (4)
None/MacCMS Pro
2022.1.0
None/MacCMS Pro
2022.1.1
None/MacCMS Pro
2022.1.2
None/MacCMS Pro
2022.1.3
Published
May 01, 2026
Tracked Since
May 01, 2026