Vulnerability Details CVE-2020-18106
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-18106
-
cpe:2.3:a:wms_project:wms:1.0