Vulnerabilities > Cmswing > Cmswing > 1.3.8

DATE CVE VULNERABILITY TITLE RISK
2021-02-01 CVE-2020-20296 SQL Injection vulnerability in Cmswing 1.3.8
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
network
low complexity
cmswing CWE-89
7.5
7.5
2021-02-01 CVE-2020-20295 SQL Injection vulnerability in Cmswing 1.3.8
An issue was found in CMSWing project version 1.3.8.
network
low complexity
cmswing CWE-89
7.5
7.5
2021-02-01 CVE-2020-20294 SQL Injection vulnerability in Cmswing 1.3.8
An issue was found in CMSWing project version 1.3.8.
network
low complexity
cmswing CWE-89
7.5
7.5