CVE-2020-7939

SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
SQL Injection
Severity
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
LOW