CVE-2022-29647

Cross-Site Request Forgery (CSRF) in maven/net.mingsoft/ms-mcms

Identifiers

GHSA-gp39-qj5f-43qv, CVE-2022-29647

Package Slug

maven/net.mingsoft/ms-mcms

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

Affected Versions

All versions up to 5.2.7

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-06-17

source