CVE-2020-37076

Name of the Vulnerable Software and Affected Versions Victor CMS version 1.0

Description A SQL injection flaw exists in the 'post.php' endpoint via the post parameter. This allows remote attackers to manipulate database queries and extract information using boolean-based, error-based, and time-based injection techniques, specifically through crafted UNION SELECT payloads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.