CVE-2020-21377
Description
SQL injection in yunyecms V2.0.1 via the selcart parameter allows remote attackers to execute arbitrary SQL commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in yunyecms V2.0.1 via the selcart parameter allows remote attackers to execute arbitrary SQL commands.
Vulnerability
A SQL injection vulnerability exists in yunyecms V2.0.1 in the selcart parameter during the front-end checkout process [1]. The application fails to properly sanitize user input before incorporating it into SQL queries, allowing an attacker to inject malicious SQL statements.
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the checkout endpoint with a malicious selcart parameter [1]. No authentication is required as the checkout functionality is accessible to unauthenticated users. The injected SQL payload is executed against the database.
Impact
Successful exploitation allows the attacker to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data, modification of database contents, or complete compromise of the application's database [1].
Mitigation
As of the publication date, no official patch or mitigation has been disclosed in the available reference [1]. Users are advised to apply input validation and parameterized queries to prevent SQL injection.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- yunyecms/yunyecmsdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- gitee.com/yunyecms/yunyecms/issues/I15J32mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.