CVE-2018-7732

Name of the Vulnerable Software and Affected Versions: YxtCMF version 3.1

Description: An issue exists in YxtCMF where SQL Injection is possible. This occurs in the ShitiController.class.php file through the ids array parameter in the "/exam/shiti/delshiti.html" API endpoint.

Recommendations: For YxtCMF version 3.1, as a temporary workaround, consider restricting access to the /exam/shiti/delshiti.html endpoint until a patch is available. Additionally, avoid using the ids array parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.