Summary: Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.Published: Friday, January 22, 2021 - 09:15cvss: 5.0