CVE-2018-11414
BearAdmin 0.5 is affected by a SQL injection in the admin/admin_log/index.html?user_id= parameter. The root cause is improper construction of a MySQL query in admin\controller\AdminLog.php. CNVD-2018-10336 documents a remote attacker being able to exploit this by supplying the user_id parameter t...