CVE-2019-11880

CVE-2019-11880

CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2.

Source: CVE-2019-11880