CVE-2020-5579

Name of the Vulnerable Software and Affected Versions Paid Memberships versions prior to 2.3.3

Description The issue allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. This can be exploited by sending malicious input to vulnerable parameters, potentially leading to unauthorized data access or modification. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the database and limiting administrator rights to minimize the risk of exploitation. Avoid using unspecified vectors that may be vulnerable to SQL injection until the issue is resolved.