CVE-2018-18832

Name of the Vulnerable Software and Affected Versions DKCMS version 9.4

Description The issue allows SQL Injection via an ASPSESSIONID cookie to admin/admin.asp. This is related to the admin/check.asp file in DKCMS.

Recommendations For DKCMS version 9.4, consider restricting access to the admin/check.asp file and the admin/admin.asp endpoint until a patch is available. As a temporary workaround, avoid using the ASPSESSIONID cookie in the affected endpoint to minimize the risk of exploitation.