← Back
2026-05-01 10:45CVE-2026-7578VulDB
PUBLISHED5.2CWE-434CWE-284

MacCMS Pro Plugin Installation add.html install unrestricted upload

A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

MacCMS Pro

2022.1.0 - AFFECTED

2022.1.1 - AFFECTED

2022.1.2 - AFFECTED

2022.1.3 - AFFECTED

References

VDB-360419 | MacCMS Pro Plugin Installation add.html install unrestricted upload

https://vuldb.com/vuln/360419

vdb-entrytechnical-description
VDB-360419 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/360419/cti

signaturepermissions-required
Submit #792283 | MacCMS MacCMS Pro 2022.1.3 Upload any file

https://vuldb.com/submit/792283

third-party-advisory
github.com

https://github.com/qingyun985/Cyber-Security/issues/1

exploitissue-tracking

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7578
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7578",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-01T10:45:10.702Z",
    "dateReserved": "2026-05-01T06:04:34.942Z",
    "datePublished": "2026-05-01T10:45:10.702Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-01T10:45:10.702Z"
      },
      "title": "MacCMS Pro Plugin Installation add.html install unrestricted upload",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "n/a",
          "product": "MacCMS Pro",
          "modules": [
            "Plugin Installation Handler"
          ],
          "versions": [
            {
              "version": "2022.1.0",
              "status": "affected"
            },
            {
              "version": "2022.1.1",
              "status": "affected"
            },
            {
              "version": "2022.1.2",
              "status": "affected"
            },
            {
              "version": "2022.1.3",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Unrestricted Upload",
              "cweId": "CWE-434",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Access Controls",
              "cweId": "CWE-284",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/360419",
          "name": "VDB-360419 | MacCMS Pro Plugin Installation add.html install unrestricted upload",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/360419/cti",
          "name": "VDB-360419 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/792283",
          "name": "Submit #792283 | MacCMS MacCMS Pro 2022.1.3 Upload any file",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/qingyun985/Cyber-Security/issues/1",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 5.8
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-01T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-01T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-01T08:09:42.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "qingyunsec (VulDB User)",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "VulDB CNA Team",
          "type": "coordinator"
        }
      ]
    }
  }
}