First published: Thu Jun 16 2022(Updated: )
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Victor Cms Project Victor Cms | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35597 is a vulnerability in Victor CMS 1.0 that allows SQL injection through the c_id parameter of admin_edit_comment.php.
CVE-2020-35597 can be exploited by an attacker to perform unauthorized SQL queries on the Victor CMS database.
CVE-2020-35597 has a severity rating of 8.8 (high).
To fix CVE-2020-35597, it is recommended to update Victor CMS to a patched version or apply a security patch provided by the vendor.
CWE-89 is a common weakness enumeration that refers to the vulnerability of SQL injection.