CVE-2020-20913
Description
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MCMS v4.7.2 SQL injection in the basic_title parameter allows remote unauthenticated attackers to execute arbitrary SQL commands.
Vulnerability
Overview
CVE-2020-20913 is a SQL injection vulnerability in Ming-Soft MCMS version 4.7.2. The flaw resides in the search functionality, where the basic_title POST parameter is passed unsanitized into SQL queries [3]. The vulnerable code is in the search method of the controller, which retrieves user-supplied parameters without proper filtering or parameterization [3].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the /ms-mcms/cms/{searchId}/search.do endpoint. No authentication is required, as the search feature is publicly accessible [3]. SQLMap testing confirmed multiple injection types, including boolean-based blind, error-based, and time-based blind techniques [3].
Impact
Successful exploitation allows a remote attacker to execute arbitrary SQL queries against the underlying MySQL database [3]. This can lead to unauthorized data access, modification, or deletion, and in some configurations, may enable command execution on the database server [2].
Mitigation
The issue was publicly disclosed on GitHub with a request for the vendor to fix the vulnerability [3]. As of the publication date, no official patch has been released. Users should apply input validation and use prepared statements to mitigate the risk.
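To make the prepared-statement mitigation concrete, the following is an added illustration and not MCMS's own code: the `article` table, the column names and the method names are assumptions. It places a search query built by string concatenation (the bug class behind CVE-2020-20913) beside the parameterized form that keeps the user value out of the query text.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

// Hypothetical search helper; table, column and method names are assumed
// for illustration only and are not taken from the MCMS code base.
public class ArticleSearch {

    // VULNERABLE: the basic_title value is spliced into the SQL text, so a
    // single quote inside it ends the string literal and the rest of the
    // value is parsed as SQL. This is the pattern the advisory describes.
    public static List<String> searchVulnerable(Connection conn, String basicTitle)
            throws SQLException {
        String sql = "SELECT basic_title FROM article WHERE basic_title LIKE '%"
                + basicTitle + "%'";
        List<String> titles = new ArrayList<>();
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                titles.add(rs.getString(1));
            }
        }
        return titles;
    }

    // FIXED: the SQL text is a constant and the user value is bound as a
    // parameter, so quotes or comment sequences in it remain plain data.
    // (LIKE wildcards '%' and '_' in the input still act as wildcards; escape
    // them as well if exact-substring matching is required.)
    public static List<String> searchSafe(Connection conn, String basicTitle)
            throws SQLException {
        String sql = "SELECT basic_title FROM article WHERE basic_title LIKE ?";
        List<String> titles = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "%" + basicTitle + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString(1));
                }
            }
        }
        return titles;
    }
}
```

The same principle applies to any ORM or query builder: the filter value must reach the driver as a bound parameter, never by formatting it into the query string.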
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| net.mingsoft:ms-mcms (Maven) | < 5.1 | 5.1 |
Affected products
- Ming-Soft/MCMS
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1. github.com/advisories/GHSA-hx8p-9m48-g76r (advisory)
2. nvd.nist.gov/vuln/detail/CVE-2020-20913 (advisory)
3. github.com/ming-soft/MCMS/issues/27 (web)
News mentions
No linked articles in our index yet.