CVE-2020-20295
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
一款基于Egg.js(为企业级框架和应用而生)、Sequelize和GraphQL,功能强大的(PC端,手机端和微信公众平台)电子商务平台及CMS建站系统
GitHub