PT-2026-24998 · Sourceforge+1 · 202Cms
Published: 2026-03-12 · Updated: 2026-03-16
CVE-2019-25538
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
202CMS version 10 beta
Description
An SQL injection issue exists that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the log user parameter. Attackers can send crafted requests with malicious SQL statements in the log user field to extract sensitive database information or modify database contents. The API endpoint involved is not specified.
Recommendations
Apply a fix for 202CMS version 10 beta to address the SQL injection issue in the log user parameter.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
202Cms