CVE-2018-19894
ThinkCMF X2.2.2 is affected by an SQL Injection via the functions check() and delete() in CommentadminController.class.php. The vulnerability can be exploited by an attacker with manager/administrator privileges through the ids[] parameter in a commentadmin action. This leads to injection in the ...