CVE-2020-20296

An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
References
Link Resource
https://github.com/arterli/CmsWing/issues/51 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cmswing:cmswing:1.3.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-01 18:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-20296

Mitre link : CVE-2020-20296

CVE.ORG link : CVE-2020-20296


JSON object : View

Products Affected

cmswing

  • cmswing
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')