3 matches found
CVE-2020-20295
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands...
CVE-2020-20295
creationtimestamp| type| source ---|---|--- 2021-02-01 21:25:13+00:00| seen| https://t.me/cibsecurity/22914...
CVE-2020-20295
CMSWing 1.3.8 contains a SQL injection vulnerability: the updateAction function does not validate the detail parameter, allowing an attacker to supply malicious input and execute arbitrary SQL commands. Affected component: updateAction path handling, within CMSWing’s backend. Impact described in ...