CVE-2018-18887

Name of the Vulnerable Software and Affected Versions S-CMS PHP version 1.0

Description The issue is related to SQL injection in the member/member news.php file via the type parameter, also referred to as the $N type field.

Recommendations For S-CMS PHP version 1.0, consider restricting access to the member/member news.php file or avoiding the use of the type parameter until a fix is available. As a temporary workaround, disabling the functionality that utilizes the $N type field may help minimize the risk of exploitation.