CVE-2022-27340: Cross Site Request Forgery in Mingsoft MCMS
CVSS Score: 8.8 (CVSS 3.1)
Basic Information
Field | Value |
---|---|
CVE ID | CVE-2022-27340 |
GHSA ID | |
EPSS Score | 0.51535% |
CWE | |
Published | 4/23/2022 |
Updated | 1/27/2023 |
KEV Status | No |
Technology | Java |
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
net.mingsoft:ms-mcms | maven | <= 5.2.7 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
- The vulnerability explicitly references /role/saveOrUpdateRole.do as the attack vector
- CSRF vulnerabilities typically manifest in state-changing endpoints without anti-CSRF token validation
- The path structure suggests a Spring MVC controller handling role management operations
- High confidence comes from the direct endpoint reference in CVE details and typical Java web application architecture patterns