CVE-2020-20295

Name of the Vulnerable Software and Affected Versions: CMSWing version 1.3.8

Description: An issue was found in the CMSWing project where the updateAction function does not check the detail parameter, allowing malicious parameters to execute arbitrary SQL commands.

Recommendations: For CMSWing version 1.3.8, consider disabling the updateAction function until a patch is available to prevent exploitation. Restrict access to the detail parameter in the affected function to minimize the risk of arbitrary SQL command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.