Xycms add_book page b_tittle parameter has SQL injection vulnerability
XYCMS was formerly known as Nanjing XYCMS Enterprise Station Building System, which is a commercial station building system based on ASP development. A SQL injection vulnerability exists in the btittle parameter of the Xycms addbook page. An attacker can exploit the vulnerability to obtain...