-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| net.mingsoft:ms-mcms | maven | <= 5.2.9 |
Miggo AIRoot Cause AnalysisThe vulnerability manifests in the content list handler that processes user-controlled 'sqlWhere' parameter containing JSON data. The POC demonstrates injection through a crafted 'field' parameter containing updatexml() function. The pattern matches CWE-89 as user input is directly concatenated into SQL queries without proper parameterization. The endpoint mapping and parameter names align with typical Java Spring MVC controller patterns where request parameters are bound to handler method arguments.
Ongoing coverage of React2Shell