SQL Injection Vulnerability in Textpattern CMS 4.6.2 and Earlier

SQL Injection Vulnerability in Textpattern CMS 4.6.2 and Earlier

CVE-2018-7474 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.