CVE-2021-46384

EUVD-2022-1523
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ΒΆΒΆ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
mingsoftmcms
𝑥
≤ 5.2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitee.com/mingSoft/MCMS/issues/I4QZ1O
https://gitee.com/mingSoft/MCMS/issues/I4QZ1O