mingSoft MCMS Server-Side Request Forgery Vulnerability (CVE-2026-4953)
A server-side request forgery (SSRF) vulnerability (CVE-2026-4953) exists in mingSoft MCMS version 5.5.0, allowing remote attackers to manipulate the 'catchimage' argument in the catchImage function to potentially access or interact with internal resources.
A server-side request forgery (SSRF) vulnerability has been identified in mingSoft MCMS version 5.5.0. The vulnerability resides within the catchImage function in the net/mingsoft/cms/action/BaseAction.java file, specifically affecting the Editor Endpoint component. Attackers can remotely exploit this vulnerability by manipulating the catchimage argument. Publicly available exploits exist, increasing the risk of exploitation. Successful exploitation could allow an attacker to probe…
Detection coverage (2 rules)
Detect Suspicious SSRF Attempt in mingSoft MCMS
[high] Detects potential Server-Side Request Forgery (SSRF) attempts in mingSoft MCMS by monitoring the 'catchimage' parameter for suspicious URLs or internal IP addresses.
Detect MingSoft MCMS BaseAction.java catchImage SSRF Pattern
[high] Detects exploitation attempts targeting the catchImage function in BaseAction.java of MingSoft MCMS via a crafted URL.
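The check the first rule describes can be sketched as follows. This is an added example, not the platform's rule or mingSoft code. It assumes the 'catchimage' value arrives as a query-string or urlencoded form field of that name; the request path, the internal-name suffixes and all sample requests are constructed placeholders.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

PARAM = "catchimage"  # argument named in the advisory; its transport is assumed
INTERNAL_SUFFIXES = (".internal", ".local", ".localhost")  # assumed naming

def host_is_internal(host):
    """True for internal-looking names and for IP literals outside public space."""
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            # Integer spellings of an address, e.g. 2130706433 or 0x7f000001.
            ip = ipaddress.ip_address(int(host, 0))
        except ValueError:
            return False  # ordinary hostname; resolving it is out of scope here
    return not ip.is_global

def classify(value):
    """Return a reason if the parameter value looks like an SSRF probe, else None."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:
        return "malformed url"
    scheme = parts.scheme.lower()
    if not scheme:
        return None
    if scheme not in ("http", "https"):
        return "non-http scheme " + scheme
    host = parts.hostname or ""
    if host and host_is_internal(host):
        return "internal host " + host
    return None

def scan(target, body=""):
    """Findings for one request: target is path?query, body is a urlencoded form."""
    pairs = parse_qsl(urlsplit(target).query) + parse_qsl(body)
    hits = (classify(v) for k, v in pairs if k.lower() == PARAM)
    return [h for h in hits if h]

# Constructed requests (path is a placeholder, not the product's real route).
SAMPLES = [
    ("/PLACEHOLDER/editor?catchimage=https%3A%2F%2Fimg.example.com%2Fa.png", ""),
    ("/PLACEHOLDER/editor?catchimage=http%3A%2F%2F10.0.0.5%3A8080%2Fstatus", ""),
    ("/PLACEHOLDER/editor", "catchimage=http%3A%2F%2F2130706433%2F"),
]
if __name__ == "__main__":
    for target, body in SAMPLES:
        print(scan(target, body) or "clean", target)
```

The check inspects only literal hosts, so a public hostname that resolves to an internal address passes it; pairing it with egress logs from the MCMS host closes that gap.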