SQL Injection in YzmCMS 3.6 via catids array parameter in update_category_url.html

CVE-2018-7579 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.