4 matches found
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering...
CVE-2018-6893
FineCms 5.2.0 is affected by an SQL injection in controllers/member/Api.php when handling requests with s=member,c=api,m=checktitle and a crafted module parameter, due to insufficient filtering. The issue enables arbitrary SQL execution via the vulnerable parameter, as reported in multiple source...