A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.
{ "versions": [ { "introduced": "0" }, { "last_affected": "5.5.0" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-56316.json"
[ { "events": [ { "introduced": "0" }, { "last_affected": "6.0.1" } ] } ]