CVE-2018-18830

EPSS 0.43% · P63 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-18830

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

MCMS 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MCMS是一款基于Spring、SpringMVC、Mybatis的Java快速开发平台。 MCMS 4.6.5版本中的com\mingsoft\basic\action\web\FileAction.java文件存在安全漏洞，该漏洞源于上传界面没有验证用户的登录状态。攻击者可利用该漏洞未授权上传文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-18830

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-18830

请登录查看更多情报信息。

https://gitee.com/mingSoft/MCMS/issues/IO0IQx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2018-18830

Same Patch Batch · n/a · 2018-10-30 · 38 CVEs total

CVE-2018-18829		Libav 安全漏洞
CVE-2018-17782		MantisBT 跨站脚本漏洞
CVE-2018-17783		MantisBT 跨站脚本漏洞
CVE-2018-18281		Linux kernel 输入验证错误漏洞
CVE-2015-7266		Interactive Advertising Bureau OpenRTB 权限许可和访问控制漏洞
CVE-2018-18822		Grapixel New Media SQL注入漏洞
CVE-2018-18825		Pagoda Linux panel 跨站脚本漏洞
CVE-2018-18826		Libav 缓冲区错误漏洞
CVE-2018-18827		Libav 缓冲区错误漏洞
CVE-2018-18828		Libav 缓冲区错误漏洞
CVE-2018-14558		Tenda AC7、AC9和AC10 命令注入漏洞
CVE-2018-18831		MCMS 安全漏洞
CVE-2018-18832		DKCMS SQL注入漏洞
CVE-2018-18834		libIEC61850 缓冲区错误漏洞
CVE-2018-18835		DocCms 安全漏洞
CVE-2018-18840		SEMCMS PHP 跨站脚本漏洞
CVE-2018-18841		SEMCMS PHP 跨站脚本漏洞
CVE-2018-18842		Z-BlogPHP 跨站请求伪造漏洞
CVE-2018-18817		Leostream Agent Build 访问控制错误漏洞
CVE-2018-17933		Vecna VGo Robot 安全漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-18830

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-18830

I. Basic Information for CVE-2018-18830

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-18830

III. Intelligence Information for CVE-2018-18830

Same Patch Batch · n/a · 2018-10-30 · 38 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-18830

Leave a comment