Pre-Auth Remote Code Execution (RCE) Vulnerability in MCMS <=5.2.5

Pre-Auth Remote Code Execution (RCE) Vulnerability in MCMS <=5.2.5

CVE-2021-46384 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary code (remote). The attack vector is: ${"freemarker.template.utility.Execute"?new()("calc")}. ¶¶ MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise MCMS. Successful attacks of this vulnerability can result in takeover of MCMS.

Learn more about our Cms Pen Testing.