CVE-2020-23262

An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do...

CVE-2020-23262

CVE-2020-23262 : Ming-soft MCMS v5.0 is vulnerable to unauthenticated SQL injection via /mcms/view.do. The root cause is improper input handling that allows arbitrary SQL commands, with potential high/critical impact across confidentiality, integrity, and availability. The connected sources (GHSA...