Sql injection

2021-02-0118:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.

CPENameOperatorVersion
cmswingeq1.3.8

CPE	Name	Operator	Version
	cmswing	eq	1.3.8

References

github.com/arterli/CmsWing/issues/51