CVE-2020-21152 Information

Description

SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.

Reference

http://8sec.cc/index.php/archives/330/ https://gitee.com/inxeduopen/inxedu/issues/I14DNG