Vulnerability Details CVE-2020-18106
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 56.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-18106
-
cpe:2.3:a:wms_project:wms:1.0