A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23945
Reference (s):
- https://github.com/VictorAlagwu/CMSsite/issues/14