CVE-2020-20295

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt