CVE-2019-11567

Name of the Vulnerable Software and Affected Versions AikCms version 2.0

Description An issue was discovered in AikCms, where there is a SQL Injection vulnerability. This can be exploited via the del variable in the $ GET request, as demonstrated by accessing the /admin/page/system/nav.php endpoint with a malicious del parameter.

Recommendations For AikCms version 2.0, consider restricting access to the /admin/page/system/nav.php endpoint until a patch is available. As a temporary workaround, avoid using the del variable in the $ GET request to minimize the risk of exploitation.