All Products
Document Center

[Vulnerability notice] SQL injection vulnerability in Arcget function in CmsEasy

Last Updated: Jan 13, 2020


CmsEasy is a web content management system based on PHP + MySQL architecture, but also a PHP development platform. The early versions of CmsEasy don’t have a completely security filtering policies for some parameters.

Malicious attackers can construct a malicious request to launch web SQL injection attacks on the website, and further steal the website data or break into the server.

Affected versions

All CmsEasy versions