CVE-2018-25431

Name of the Vulnerable Software and Affected Versions No-Cms version 1.0

Description An SQL injection allows authenticated attackers to manipulate database queries and extract sensitive information. This occurs when submitting POST requests to the '/nocms/main/manage privilege/index/export' endpoint using malicious SQL code within the order by[0] parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.