CVE-2020-20913

9.8 CRITICAL

📋 TL;DR

CVE-2020-20913 is a critical SQL injection vulnerability in Ming-Soft MCMS v4.7.2 that allows remote attackers to execute arbitrary SQL commands via the basic_title parameter. This can lead to complete database compromise, data theft, or remote code execution. All organizations running MCMS v4.7.2 are affected.

💻 Affected Systems

Products:
  • Ming-Soft MCMS
Versions: v4.7.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise including remote code execution, complete database exfiltration, and potential lateral movement to other systems.

🟠 Likely Case

Database compromise leading to data theft, privilege escalation, and potential website defacement.

🟢 If Mitigated

Limited impact with proper input validation and WAF protection, potentially only error messages or failed queries.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication via web interface.
🏢 Internal Only: MEDIUM - Still exploitable by internal users or compromised accounts, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via basic_title parameter is straightforward to exploit with common SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.7.3 or later

Vendor Advisory: https://github.com/ming-soft/MCMS/issues/27

Restart Required: Yes

Instructions:

1. Back up your database and application files.
2. Download MCMS v4.7.3 or later from the official repository.
3. Replace the vulnerable files with the patched version.
4. Restart the web server and application services.
5. Test functionality.

🔧 Temporary Workarounds

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns in the basic_title parameter.

Input Validation Filter

all

Implement server-side input validation to sanitize the basic_title parameter before processing.

🧯 If You Can't Patch

  • Isolate the MCMS instance behind a WAF with SQL injection protection rules
  • Implement strict input validation at the application layer for all user inputs

🔍 How to Verify

Check if Vulnerable:

Test if basic_title parameter accepts SQL injection payloads like ' OR '1'='1

Check Version:

Check MCMS version in admin panel or read version file in installation directory

Verify Fix Applied:

Verify that SQL injection attempts via basic_title parameter are properly rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in web server logs
  • Unusual database queries from web application
  • Multiple failed login attempts or parameter manipulation

Network Indicators:

  • HTTP requests with SQL keywords in basic_title parameter
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND (basic_title CONTAINS "UNION" OR basic_title CONTAINS "SELECT" OR basic_title CONTAINS "OR '1'='1")
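
An offline version of the query above, as an added example (not from the advisory or the MCMS project): it undoes percent-encoding, including nested encoding, before matching the same three indicators case-insensitively on word boundaries. The combined access-log format, the request path and the sample lines are constructed assumptions, and it only sees basic_title when it is sent in the URL query string.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format); the request path is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /placeholder/list.do?basic_title=news HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /placeholder/list.do?basic_title=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9000
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /placeholder/list.do?basic_title=x%2527%2520uNiOn%2520sElEcT%25201 HTTP/1.1" 500 120
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /placeholder/list.do?basic_title=Reunion+photos HTTP/1.1" 200 700
"""

PARAM = "basic_title"
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
INDICATORS = {  # the three strings from the SIEM query, matched on word boundaries
    "UNION": re.compile(r"\bunion\b", re.I),
    "SELECT": re.compile(r"\bselect\b", re.I),
    "OR '1'='1": re.compile(r"\bor\s+'1'\s*=\s*'1", re.I),
}

def normalise(value, max_rounds=3):
    """Undo nested percent-encoding so %2527 and %27 both become a quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return (client, status, decoded value, matched indicators) per suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for raw in query.get(PARAM, []):  # parse_qs has already decoded one layer
            value = normalise(raw)
            matched = [name for name, rx in INDICATORS.items() if rx.search(value)]
            if matched:
                hits.append((client, int(status), value, matched))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The word-boundary match leaves the benign title "Reunion photos" unflagged, which a plain substring match on "UNION" would not.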
