YXcmsApp V1.4.3 SQL Injection Vulnerability at Administrator Uninstalled Applications
Yxcms is an enterprise building system based on PHP and mysql technology. A SQL injection vulnerability exists in YXcmsApp V1.4.3 at the administrator uninstall application. The lack of filtering of the 'app' parameter allows an attacker to exploit the vulnerability to obtain sensitive informatio...