CVE-2020-18476

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.