CVE-2019-11880 CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2. Source: NIST CVE-2019-11880 May 22, 2019 by admin Uncategorized