Browse all 6 CVE security advisories affecting mbis. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MBIS is a business management platform primarily serving small to medium enterprises for inventory and sales operations. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with six CVEs documented. The platform's security posture has been characterized by insufficient input validation and inadequate access controls. Notable incidents include multiple RCE vulnerabilities allowing unauthorized system compromise, particularly in versions prior to 2020. While recent versions have shown improved security practices, legacy deployments remain vulnerable to exploitation, making regular updates and proper configuration critical for maintaining operational security.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-8195 | Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure | Permalink Manager Lite | CWE-862 | 5.3 | Medium | 2024-08-28 |
| CVE-2024-2543 | Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor | Permalink Manager Lite | CWE-639 | 4.3 | Medium | 2024-04-09 |
| CVE-2024-2738 | Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting | Permalink Manager Lite | CWE-79 | 6.1 | Medium | 2024-04-09 |
| CVE-2024-2538 | Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated (Author+) Arbitrary Post Slug Modification | Permalink Manager Lite | CWE-639 | 5.4 | Medium | 2024-03-20 |
| CVE-2022-4410 | Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting | Permalink Manager Lite | CWE-79 | 6.4 | Medium | 2022-12-14 |
| CVE-2022-4021 | Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery | Permalink Manager Lite | CWE-352 | 8.8 | High | 2022-11-16 |
This page lists every published CVE security advisory associated with mbis. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.