All Products
Search
Document Center

[Vulnerability notice] SQL injection vulnerability in Arcget function in CmsEasy

Last Updated: Nov 08, 2017

Description

CmsEasy is a web content management system based on PHP + MySQL architecture, but also a PHP development platform. The early versions of CmsEasy don’t have a completely security filtering policies for some parameters.

Malicious attackers can construct a malicious request to launch web SQL injection attacks on the website, and further steal the website data or break into the server.

Affected versions

All CmsEasy versions

Fix