OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21726
Reference (s):
- https://github.com/CoColizdf/CVE/issues/2