CVE-2020-20295

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
References
Link Resource
https://github.com/arterli/CmsWing/issues/50 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cmswing:cmswing:1.3.8:*:*:*:*:*:*:*

Information

Published : 2021-02-01 06:15

Updated : 2021-02-02 03:55


NVD link : CVE-2020-20295

Mitre link : CVE-2020-20295

Products Affected
No products.
CWE