SQL Injection Vulnerability in arcms through 2018-03-19

CVE-2018-19558 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.