All Products
Document Center

[Vulnerability notice] SQL injection vulnerability in Micro-engine CMS

Last Updated: Apr 18, 2018

Vulnerability description

The /web/source/mc/member.ctrl.php file of the Micro-engine CMS does not check the validity of the input parameter $_GPC['uid']. As a result, hackers may create special query parameters to initiate SQL injection attacks.

This vulnerability may cause leakage of the database and backend password.

How to fix

Upgrade Micro-engine to the latest version.