CVE-2020-18544
CVE-2020-18544 affects WMS v1.0, where a SQL injection in chkuser.php via the username parameter allows remote attackers to execute arbitrary code. Root cause: improper handling of user input in the login/component path leads to SQL injection. Documented impact indicates potential arbitrary code ...