PT-2018-11469 · Hongcms · Hongcms

Hzllaga · Published 2018-06-27 · Updated 2018-08-20 · CVE-2018-12912

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: HongCMS version 3.0.0

Description: A SQL injection issue was discovered in the admin/controllers/database.php file. It is reachable through the "admin/index.php/database/operate?dbaction=emptytable&tablename=" URI, where the tablename parameter is the injection point.

Recommendations: For HongCMS version 3.0.0, restrict access to the "admin/index.php/database/operate" endpoint until a patch is available. As a temporary workaround, avoid using the tablename parameter in the affected URI to reduce the risk of exploitation.
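The durable fix for this class of bug is to treat a request-supplied table name as an identifier that must match an allowlist, not as data that can be parameter-bound. The following is an added illustration of that pattern, written for this page; it is not HongCMS's own code, and the function names, the PDO connection and the sample table list are assumptions constructed for the example.

```php
<?php
// Added example (hypothetical, not HongCMS code): validate a user-supplied
// table name against an allowlist before it reaches an SQL statement.

function isSafeTableName(string $name, array $allowedTables): bool
{
    // Strict identifier syntax first: letters, digits and underscore only,
    // so the name can never carry quotes, backticks or comment markers.
    if (!preg_match('/^[A-Za-z0-9_]{1,64}$/', $name)) {
        return false;
    }
    // Then an exact, type-strict match against tables the application owns.
    return in_array($name, $allowedTables, true);
}

function emptyTable(PDO $pdo, string $requestedName, array $allowedTables): int
{
    if (!isSafeTableName($requestedName, $allowedTables)) {
        // Fail closed and leave an audit trail; never echo the raw value back.
        error_log('database/operate: rejected table name of length ' . strlen($requestedName));
        throw new InvalidArgumentException('Refusing to operate on an unknown table');
    }
    // Identifiers cannot be bound as PDO parameters, so the name is quoted
    // with backticks; the regex above guarantees it contains none.
    return $pdo->exec('DELETE FROM `' . $requestedName . '`');
}

// Constructed sample allowlist (in a real deployment, load it from the schema
// at install time rather than hard-coding it).
$allowedTables = ['hong_articles', 'hong_comments', 'hong_sessions'];

// Constructed demo with an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE hong_sessions (id INTEGER)');
$pdo->exec('INSERT INTO hong_sessions VALUES (1), (2)');

echo emptyTable($pdo, 'hong_sessions', $allowedTables), " rows removed\n";

try {
    // A name that is not in the allowlist is rejected before any SQL runs.
    emptyTable($pdo, 'hong_sessions` WHERE 1=1; --', $allowedTables);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

The allowlist is what matters; the regex alone would still let an attacker with admin credentials empty any table the database user can reach, which is exactly the impact the CVSS vector above describes.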

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers: CVE-2018-12912

Affected Products: Hongcms