Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21121
Reference (s):
- https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/259