CVE-2018-12498
CVE-2018-12498 affects iCMS v7.0.8. The flaw is a SQL injection in spider.admincp.php triggered by the id parameter in an app=spider&do=batch request to admincp.php, enabling arbitrary SQL execution through that parameter. The root cause is improper handling/validation of user-supplied input in t...