CVE-2018-18982

Name of the Vulnerable Software and Affected Versions NUUO CMS versions 3.3 and prior

Description The web server application in NUUO CMS allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.

Recommendations For versions 3.3 and prior, update to a version later than 3.3 to resolve the issue. If no newer version is available, consider restricting access to the web server application to minimize the risk of exploitation.