CyberSec.Space Logo
Back to CVE Browser

CVE-2020-23976

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile3.01th
PublishedAug 27, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.

Affected Platforms (CPE)

πŸ“¦
Webexcels

Ecommerce Cms

= 2017
πŸ“¦
Webexcels

Ecommerce Cms

= 2018
πŸ“¦
Webexcels

Ecommerce Cms

= 2019
πŸ“¦
Webexcels

Ecommerce Cms

= 2020

References & Advisories

πŸ”— https://cxsecurity.com/issue/WLB-2020030174
πŸ”— https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Injection-Cross-Site-Scripting.html
πŸ”— https://cxsecurity.com/issue/WLB-2020030174
πŸ”— https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Injection-Cross-Site-Scripting.html

Related Vulnerabilities

CVE-2020-239789.8

SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"

CVE-2006-50966.8

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce...

CVE-2020-239756.1

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...