CVE-2026-4953

EUVD-2026-16629
A weakness has been identified in mingSoft MCMS θΏ„ 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mingsoftmcms
5.0
mingsoftmcms
5.1
mingsoftmcms
5.2
mingsoftmcms
5.3
mingsoftmcms
5.4
mingsoftmcms
5.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/wing3e/public_exp/issues/3
https://vuldb.com/?ctiid.353831
https://vuldb.com/?id.353831
https://vuldb.com/?submit.777516