2 matches found
Phpzag SQL Injection (CVE-2020-8519; CVE-2020-8520; CVE-2020-8521)
An SQL injection vulnerability exists in Phpzag. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-8519
CVE-2020-8519 is a SQL injection in SpryMedia DataTables (Records.php) used by Phpzag’s live data tables (Ajax PHP/MySQL). The vulnerability arises from an unsafe search parameter in Records.php, enabling manipulation of table records. Documented scores indicate high to critical severity (CVSS v3...