PT-2020-16922 · Cxuucms · Cxuucms
Published 2020-11-18 · Updated 2020-12-01 · CVE-2020-28091
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
cxuucms version 3
Description
The issue is a SQL injection vulnerability in the keywords parameter of the "search.php" endpoint. It can lead to the leakage of all database data.
Recommendations
For cxuucms version 3, as a temporary workaround, consider restricting access to the "search.php" endpoint or disabling the use of the keywords parameter until a patch is available. Avoid using the keywords parameter in the affected endpoint until the issue is resolved.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Cxuucms