2 matches found
CVE-2018-18242
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86...
CVE-2018-18242
The CVE-2018-18242 entry relates to youke365 v1.1.5, which has a SQL injection in admin/login.html. The vulnerability arises from improper handling in the login endpoint, enabling an attacker to inject SQL and, per CNVD-2018-20869, potentially execute arbitrary SQL commands remotely. NVD metrics ...