CVE-2020-28091
Description
cxuucms v3 has a SQL injection vulnerability in the keywords parameter of search.php, which can lead to the leakage of all database data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in cxuucms v3 search.php allows unauthenticated attackers to extract all database data via the keywords parameter.
Vulnerability
The search.php script in cxuucms v3 does not sanitize the keywords parameter, allowing an attacker to inject arbitrary SQL queries. This vulnerability affects all installations of cxuucms v3. [1]
Exploitation
An unauthenticated attacker can exploit this by sending a crafted HTTP request to search.php with a malicious SQL payload in the keywords parameter. No special privileges or user interaction are required. [1]
Impact
Successful exploitation enables the attacker to retrieve the entire contents of the database, resulting in complete disclosure of sensitive data. [1]
Mitigation
As of the publication date, no official patch or workaround has been disclosed in the available references. Users should implement input validation and parameterized queries to mitigate the risk. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cxuucms/cxuucms (description)
- Range: =3
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/160129/xuucms-3-SQL-Injection.html (mitre, x_refsource_MISC)
- github.com/cbkhwx/cxuucmsv3/issues/1 (mitre, x_refsource_CONFIRM)