CVE-2022-30506: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

June 3, 2022

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.

References

gitee.com/mingSoft/MCMS/issues/I56AID
github.com/advisories/GHSA-6xj9-hpq3-w3qw
nvd.nist.gov/vuln/detail/CVE-2022-30506

Code Behaviors & Features

Detect and mitigate CVE-2022-30506 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →