PT-2021-10476 · Cmswing · Cmswing

Jiguangsdf

Published

2021-02-01

Updated

2021-02-02

CVE-2020-20296

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CMSWing version 1.3.8

Description: An issue was found in the CMSWing project where the rechargeAction function does not check the balance parameter, allowing malicious parameters to execute arbitrary SQL commands.

Recommendations: For CMSWing version 1.3.8, consider disabling the rechargeAction function until a patch is available to prevent the execution of arbitrary SQL commands. Restrict access to the balance parameter in the affected function to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-20296

Affected Products

Cmswing

PT-2021-10476 · Cmswing · Cmswing

CVE-2020-20296

Weakness Enumeration

Related Identifiers

Affected Products

References · 4