CVE-2020-22198: SQL Injection
First published: Wed Jun 16 2021(Updated: )
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | =5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-22198?
The severity of CVE-2020-22198 is critical.
How does the SQL Injection vulnerability in DedeCMS 5.7 occur?
The SQL Injection vulnerability in DedeCMS 5.7 occurs through the use of the mdescription parameter in the member/ajax_membergroup.php file.
Which version of DedeCMS is affected by CVE-2020-22198?
Version 5.7 of DedeCMS is affected by CVE-2020-22198.
Are there any public references for CVE-2020-22198?
Yes, there are public references available for CVE-2020-22198. You can find them at the following links: [http://www.hackdig.com/?02/hack-8391.htm](http://www.hackdig.com/?02/hack-8391.htm) and [https://github.com/blindkey/DedeCMSv5/issues/1](https://github.com/blindkey/DedeCMSv5/issues/1).
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-22198?
The Common Weakness Enumeration (CWE) ID for CVE-2020-22198 is 89.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/5.7