Home > Vulnerability Database > CVE-2025-56316

Mend.io Vulnerability Database

CVE-2025-56316

Good to know:

Date: October 16, 2025

A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.

Severity Score

9.8

Related Resources (5)

Url: https://gist.github.com/Erosion2020/5892757e0c6eeb647a218d1c3b323cff

Url: https://github.com/ming-soft/MCMS/commit/35ccbf1e3d38ab6aa178524a47c38dff6b448b59

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-56316

Url: https://github.com/ming-soft/MCMS

Url: https://www.mend.io/vulnerability-database/CVE-2025-56316

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version net.mingsoft:ms-mcms:6.0.2

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-56316

Good to know:

Date: October 16, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?