CVE-2020-20913: 
Java vulnerability analysis and mitigation

SQL Injection vulnerability was discovered in Ming-Soft MCMS version 4.7.2. The vulnerability allows remote attackers to execute arbitrary code via the basic_title parameter in the search functionality (GitHub Issue). The vulnerability was assigned CVE-2020-20913 and was published on April 4, 2023 (NVD).

The vulnerability exists in the search functionality where the basic_title parameter is not properly sanitized. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates the vulnerability is network exploitable, requires low attack complexity, needs no privileges or user interaction, and can result in high impact to confidentiality, integrity, and availability (NVD).

Successful exploitation of this vulnerability can lead to complete system compromise, allowing attackers to execute arbitrary code, access sensitive data, and potentially take full control of the affected system. The critical CVSS score of 9.8 indicates the severe potential impact of this vulnerability (NVD).

Users should upgrade to a patched version of Ming-Soft MCMS if available. In the absence of a patch, implementing proper input validation and sanitization for the basic_title parameter, using prepared statements for SQL queries, and applying web application firewall rules to filter malicious requests are recommended as temporary mitigations (NVD).