Arbitrary SQL Command Execution Vulnerability in CMSWing 1.3.8

CVE-2020-20295 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, a malicious value supplied in that parameter can execute arbitrary SQL commands.