CVE-2020-20473

Name of the Vulnerable Software and Affected Versions: White Shark System (WSS) version 1.3.2

Description: The issue arises from the failure of certain files, specifically control task.php, control project.php, and default user.php, to filter the sort parameter, leading to a SQL injection vulnerability. This allows remote attackers to exploit the vulnerability and obtain sensitive database information.

Recommendations: For White Shark System (WSS) version 1.3.2, consider disabling access to the control task.php, control project.php, and default user.php files until a patch is available, or restrict the use of the sort parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.