CVE-2020-20294

Name of the Vulnerable Software and Affected Versions: CMSWing version 1.3.8

Description: An issue was found in the CMSWing project where the log function does not check the log parameter, allowing malicious parameters to execute arbitrary commands.

Recommendations: For CMSWing version 1.3.8, consider disabling the log function until a patch is available to prevent the execution of arbitrary commands. Restrict access to the log parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.