2 matches found
CmsWing Project SQL Injection (CVE-2020-20296)
An SQL injection vulnerability exists in CmsWing Project. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-20296
CMSWing 1.3.8 contains a SQL injection vulnerability in the rechargeAction path where the balance parameter is not validated, allowing malicious parameters to execute arbitrary SQL commands. This is documented across multiple sources (CVE-2020-20296) with high severity (CVSSv3.1: 9.8) and partial...