edit-icon download-icon

[Vulnerability notice] SQL injection vulnerability in Arcget function in CmsEasy

Last Updated: Nov 08, 2017

Description

CmsEasy is a web content management system based on PHP + MySQL architecture, but also a PHP development platform. The early versions of CmsEasy don’t have a completely security filtering policies for some parameters.

Malicious attackers can construct a malicious request to launch web SQL injection attacks on the website, and further steal the website data or break into the server.

Affected versions

All CmsEasy versions

Fix

Thank you! We've received your feedback.