SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.
References
Link | Resource |
---|---|
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html | Technical Description |
https://github.com/alixiaowei/cve_test/issues/3 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-15T00:00:00
Updated: 2023-02-15T00:00:00
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-21120
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-15T22:15:10.983
Modified: 2023-02-23T04:59:17.170
Link: CVE-2020-21120
JSON object: View
Redhat Information
No data.
CWE