CVE-2020-20913
published 2023-04-04CVE-2020-20913: SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
PriorityP346critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.42%
69.5th percentile
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Ming-Soft MCMS vulnerable to SQL injection
ghsa·2023-04-04
CVE-2020-20913 [CRITICAL] CWE-89 Ming-Soft MCMS vulnerable to SQL injection
Ming-Soft MCMS vulnerable to SQL injection
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via `basic_title` parameter. This issue is resolved in v5.1.
OSV
Ming-Soft MCMS vulnerable to SQL injection
osv·2023-04-04
CVE-2020-20913 [CRITICAL] Ming-Soft MCMS vulnerable to SQL injection
Ming-Soft MCMS vulnerable to SQL injection
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via `basic_title` parameter. This issue is resolved in v5.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-04
Published