Sql injection vulnerability in the yccms 3.3 project. The no_top function’s improper judgment of the request parameters, triggers a sql injection vulnerability.
CWE-89
CVE-2020-20294
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
CVE-2020-20295
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
CVE-2020-20296
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
CVE-2020-20300
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
CVE-2020-20340
A SQL injection vulnerability in the 4.edu.phpconnfunction.php component of S-CMS v1.0 allows attackers to access sensitive database information.
