SQL Injection Vulnerability in S-CMS V3.0 via S_id Parameter

SQL Injection Vulnerability in S-CMS V3.0 via S_id Parameter

CVE-2018-20018 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.