CVE-2021-46458
Victor CMS v1.0 contains a SQL injection in the admin/posts.php?source=add_post component. The vulnerability is exploitable via a crafted POST request to post_title, allowing an attacker to inject SQL statements through user input. According to NVD, CVSS metrics show a CVSS‑3.1 base score of 7.5 ...