CVE-2026-2666
Unrestricted File Upload Vulnerability in mingSoft MCMS
Publication date: 2026-02-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mingsoft | mcms | 6.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in mingSoft MCMS version 6.1.1, specifically in an unknown function within the file /ms/file/uploadTemplate.do, which is part of the Template Archive Handler component.
The flaw allows an attacker to manipulate the 'File' argument to perform an unrestricted upload of files.
This attack can be executed remotely, meaning an attacker does not need local access to exploit it.
An exploit for this vulnerability has already been published and may be used by attackers.
How can this vulnerability impact me? :
The vulnerability allows an attacker to upload files without restriction, which can lead to several security risks.
- Malicious files could be uploaded to the server, potentially leading to remote code execution or system compromise.
- The integrity and availability of the affected system could be impacted.
- Since the attack can be launched remotely, it increases the risk of unauthorized access or control over the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know