Public CVE-2020-18475 disclosure

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.