CVE-2018-12912
HongCMS 3.0.0 contains a SQL Injection vulnerability in admin/controllers/database.php, exploitable via the request admin/index.php/database/operate?dbaction=emptytable&tablename= (URI). Public exploit/activity references show an authenticated/remote-exploit path using this parameter to inject SQ...