CVE-2020-36543

MEDIUM

SialWeb CMS - SQL Injection via /about.php Id Parameter

Title source: llm
STIX 2.1

Description

A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://sialweb.net/
Exploit, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.159429

Scores

CVSS v3 6.3
EPSS 0.0073
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
sialweb/sialweb_cms
Published Jun 08, 2022
Tracked Since Feb 18, 2026