CVE-2022-24606
CVE-2022-24606 affects Luocms v2.0 with a SQL injection in the /admin/news/sort_ok.php endpoint. The root cause is lack of validation for external input SQL statements, enabling an attacker to execute arbitrary SQL against the database and potentially exfiltrate data. Several connected sources (N...