Create MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability.md

add MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability

MCMS_list_Interface_sqlWhere_Sql_Injection_Vulnerability.md

@@ -0,0 +1,12 @@
+## MCMS list Interface sqlWhere Sql Injection Vulnerability
+
+|   **Vulnerability**  | **MCMS list Interface sqlWhere Sql Injection Vulnerability**  |
+| :----:   | :-----|
+|  **Chinese name**  | 铭飞 CMS list 接口 sqlWhere 参数 sql 注入漏洞 |
+| **CVSS core**  | 7.5 |
+| **FOFA Query**  (click to view the results directly)| [body=\"铭飞MCMS\" \|\| body=\"/mdiy/formData/save.do\" \|\| body=\"static/plugins/ms/1.0.0/ms.js\"](https://en.fofa.info/result?qbase64=Ym9keT0i6ZOt6aOeTUNNUyIgfHwgYm9keT0iL21kaXkvZm9ybURhdGEvc2F2ZS5kbyIgfHwgYm9keT0ic3RhdGljL3BsdWdpbnMvbXMvMS4wLjAvbXMuanMi) |
+| **Number of assets affected**  | 3091 |
+| **Description**  | MCMS is a set of lightweight open source content management system developed based on java. It is simple, safe, open source and free. It can run on Linux, Windows, MacOSX, Solaris and other platforms. The system has an sql injection vulnerability before the 5.2.10 version. You can use this vulnerability to obtain sensitive information |
+| **Impact** | In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions. |
+
+![](https://s3.bmp.ovh/imgs/2023/05/04/9119224cdf0a37f4.gif)