CVE-2018-19558
The CVE refers to arcms (a CMS) with a SQL injection flaw in json/newslist caused by unsanitized limit parameter processing in ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php (through 2018-03-19). Affected component is the web application’s PHP backend; the root cause is impro...