Vulnerabilities > Cmswing > Cmswing > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-43736 | Argument Injection or Modification vulnerability in Cmswing 1.3.7 CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | 9.8 |
| 2022-03-23 | CVE-2021-43735 | SQL Injection vulnerability in Cmswing 1.3.7 CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | 9.8 |
| 2021-02-01 | CVE-2020-20294 | SQL Injection vulnerability in Cmswing 1.3.8 An issue was found in CMSWing project version 1.3.8. | 9.8 |
| 2021-02-01 | CVE-2020-20295 | SQL Injection vulnerability in Cmswing 1.3.8 An issue was found in CMSWing project version 1.3.8. | 9.8 |
| 2021-02-01 | CVE-2020-20296 | SQL Injection vulnerability in Cmswing 1.3.8 An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands. | 9.8 |