RSS   Vulnerabilities for 'Arcms'   RSS

2018-11-26
 
CVE-2018-19558

CWE-89
 

 
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.

 
 
CVE-2018-19557

CWE-89
 

 
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images.

 


Copyright 2024, cxsecurity.com

 

Back to Top