CVE-2020-18476
HuCartCMS 5.7.4 is affected by a SQL injection vulnerability in the usd_image field (reported as header/avatar usd_image in some sources). The CVE-2020-18476 entry documents a SQLi in HuCartCMS 5.7.4 via this field, with high severity in CVSS 3.1 (8.8) and medium in CVSS 2.0 (6.5). Concrete detai...