CVE-2020-23976

moderate-risk
Published 2020-08-27

Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Ecommerce Cms
Ecommerce Cms
Ecommerce Cms
Ecommerce Cms

Affected Vendors

Webexcels

References (4)

Exploit https://cxsecurity.com/issue/WLB-2020030174
Exploit https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Inj...
Exploit https://cxsecurity.com/issue/WLB-2020030174
Exploit https://packetstormsecurity.com/files/156948/Webexcels-Ecommerce-CMS-2.x-SQL-Inj...
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 10/34 · Low