An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do.
{
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed_at": "2021-04-06T19:46:49Z",
"github_reviewed": true,
"nvd_published_at": "2021-01-26T18:15:00Z"
}