CVE-2020-20296 - CERT CVE
ID CVE-2020-20296
Sažetak An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
Reference
CVSS
Base: 7.5
Impact: 6.4
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 02-02-2021 - 15:58
Objavljeno 01-02-2021 - 18:15