Home

Description

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.

PUBLISHED Reserved 2025-08-16 | Published 2025-10-17 | Updated 2025-10-17 | Assigner mitre

References

github.com/ming-soft/MCMS

gist.github.com/Erosion2020/5892757e0c6eeb647a218d1c3b323cff

cve.org (CVE-2025-56316)

nvd.nist.gov (CVE-2025-56316)

Download JSON