CVE-2020-20913

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ming-Soft MCMS versions prior to 5.1

Description A SQL Injection issue allows a remote attacker to execute arbitrary code via the basic title parameter. This issue is resolved in version 5.1.

Recommendations For versions prior to 5.1, update to version 5.1 to resolve the issue. As a temporary workaround, consider restricting access to the basic title parameter to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-20913

GHSA-HX8P-9M48-G76R

Affected Products

Mingsoft Mcms

CVE-2020-20913

Weakness Enumeration

Related Identifiers

Affected Products

References · 5