CVE-2020-23979
Description
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
13enforme CMS 1.0 is vulnerable to SQL injection in content.php via the id parameter, allowing attackers to extract database information.
Vulnerability
13enforme CMS version 1.0 contains a SQL injection vulnerability in the content.php script. The id parameter is not properly sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL commands. This vulnerability is present in the default installation of the CMS [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the content.php page with a malicious id parameter. No authentication is required, as the vulnerable endpoint is publicly accessible. The attacker can use standard SQL injection techniques to manipulate the query.
Impact
Successful exploitation allows an attacker to read sensitive data from the database, such as user credentials, personal information, or other confidential data. This could lead to further compromise of the application and its users.
Mitigation
As of the publication date, no official patch or fixed version has been released. Users are advised to apply input validation or parameterized queries to mitigate the risk. If possible, upgrade to a later version of the CMS if available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- 13enforme/CMSdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.