DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23980
Reference (s):
- https://cxsecurity.com/issue/WLB-2020030177
- https://packetstormsecurity.com/files/156959/DesignMasterEvents-CMS-1.0-SQL-Injection-Cross-Site-Scripting.html