SQL injection vulnerability in the keyword parameter of the XYCMS manage_book.php page
XYCMS was formerly known as Nanjing XYCMS Enterprise Building System. A SQL injection vulnerability exists in the keyword parameter of the XYCMS managebook.php page. The vulnerability stems from insufficient filtering of the keyword parameter, which an attacker can exploit to...