edit-icon download-icon

[Vulnerability notice] SQL injection vulnerability in PHPCMS

Last Updated: Apr 18, 2018

On April 10, 2017, it was revealed that PHPCMS has a high-risk SQL injection vulnerability. The vulnerability allows an attacker to start remote SQL injection attacks, which results in data leakage. The vulnerability PoC is revealed, which indicates extremely high risk.

See the following for more information about the vulnerability.

CVE identifier


Vulnerability name

PHPCMS SQL injection vulnerability

Vulnerability rating


Vulnerability description

By submitting simple and maliciously constructed parameters, an attacker can start remote injection attacks by using tools and obtain the website database data.

Condition and method of exploitation

Remote exploitation

Affected scope

PHPCMS 9.6.0

How to fix or mitigate

Thank you! We've received your feedback.