Miggo Logo
Miggo Vulnerability Database
CVE-2023-50578

CVE-2023-50578: Mingsoft MCMS SQL injection

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-50578
GHSA ID
GHSA-3vvh-8c65-32j4
EPSS Score
0.50208%
CWE
CWE-89
Published
12/30/2023
Updated
1/8/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
net.mingsoft:ms-mcmsmaven<= 5.2.9

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in the content list handler that processes user-controlled 'sqlWhere' parameter containing JSON data. The POC demonstrates injection through a crafted 'field' parameter containing updatexml() function. The pattern matches CWE-89 as user input is directly concatenated into SQL queries without proper parameterization. The endpoint mapping and parameter names align with typical Java Spring MVC controller patterns where request parameters are bound to handler method arguments.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Min*so*t M*MS v*.*.* w*s *is*ov*r** to *ont*in * SQL inj**tion vuln*r**ility vi* t** **t**oryTyp* p*r*m*t*r *t /*ont*nt/list.*o.

Reasoning

T** vuln*r**ility m*ni**sts in t** *ont*nt list **n*l*r t**t pro**ss*s us*r-*ontroll** 'sqlW**r*' p*r*m*t*r *ont*inin* JSON **t*. T** PO* **monstr*t*s inj**tion t*rou** * *r**t** '*i*l*' p*r*m*t*r *ont*inin* `up**t*xml()` *un*tion. T** p*tt*rn m*t***