CVE-2020-35597: SQL Injection
First published: Thu Jun 16 2022(Updated: )
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Victor Cms Project Victor Cms | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-35597?
CVE-2020-35597 is a vulnerability in Victor CMS 1.0 that allows SQL injection through the c_id parameter of admin_edit_comment.php.
How does CVE-2020-35597 affect users?
CVE-2020-35597 can be exploited by an attacker to perform unauthorized SQL queries on the Victor CMS database.
What is the severity of CVE-2020-35597?
CVE-2020-35597 has a severity rating of 8.8 (high).
How can I fix CVE-2020-35597 in Victor CMS 1.0?
To fix CVE-2020-35597, it is recommended to update Victor CMS to a patched version or apply a security patch provided by the vendor.
What is CWE-89?
CWE-89 is a common weakness enumeration that refers to the vulnerability of SQL injection.
- collector/nvd-index
- vendor/victor cms project
- canonical/victor cms project victor cms
- version/victor cms project victor cms/1.0