Vulnerability Database

298,930

Total vulnerabilities in the database

CVE-2025-56316

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.

Published: Oct 17, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-56316
GHSA: GHSA-54wc-49qj-5ghj
Severity: Critical
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
net.mingsoft / ms-mcms	5.5.0	6.0.2
mingsoft / mcms	5.5.0	5.5.0.x
mingsoft / mcms	6.0.1	6.0.1.x

https://gist.github.com/Erosion2020/5892757e0c6eeb647a218d1c3b323cff
https://github.com/ming-soft/MCMS
https://github.com/ming-soft/MCMS/commit/35ccbf1e3d38ab6aa178524a47c38dff6b448b59

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo