CVE-2022-25488
Atom CMS v2.0 contains a SQL injection via the id parameter in /admin/ajax/avatar.php. The vulnerability arises from unsafely concatenated SQL in this endpoint, enabling arbitrary SQL execution and potentially data disclosure or modification. Public descriptions from multiple sources corroborate ...