CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-05-22
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.
CVSS Score
8.8
EPSS Score
0.008
Published
2018-01-03