CVE-2020-23976

Name of the Vulnerable Software and Affected Versions Webexcels Ecommerce CMS versions 2.x, 2017, 2018, 2019, 2020

Description The issue is related to a SQL Injection vulnerability via the id parameter in the content.php script. This vulnerability is due to a lack of protection measures for the SQL query structure. Exploitation of this issue can allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations For Webexcels Ecommerce CMS versions 2.x, 2017, 2018, 2019, 2020, consider disabling the id parameter in the content.php script as a temporary workaround until a patch is available. Restrict access to the content.php script to minimize the risk of exploitation. Avoid using the id parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.