CVE-2018-19925

Name of the Vulnerable Software and Affected Versions Sales & Company Management System (SCMS) versions prior to 2018-06-06

Description The issue is related to SQL injection via the type parameter in the "member/member order.php" endpoint, specifically involving the O state parameter.

Recommendations For versions prior to 2018-06-06, as a temporary workaround, consider restricting access to the "member/member order.php" endpoint until a patch is available. Avoid using the type parameter in this endpoint, especially with user-supplied input, to minimize the risk of exploitation.