SQL Injection in YzmCMS 3.6 via catids array parameter in update_category_url.html
CVE-2018-7579 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.