2 matches found
CVE-2018-7579
\application\admin\controller\updateurls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/updateurls/updatecategoryurl.html...
CVE-2018-7579
CVE-2018-7579 affects YzmCMS 3.6; the vulnerable component is the file \application\admin\controller\update_urls.class.php, where the catids array parameter to admin/update_urls/update_category_url.html enables SQL Injection. The issue is described across multiple sources (NVD/CNVD/PRION/CVELIST)...