CVE-2018-18242

youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.
References
Link Resource
https://github.com/yanchongchong/swallow/issues/4 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:youke365:youke_365:1.1.5:*:*:*:*:*:*:*

Information

Published : 2018-10-11 02:29

Updated : 2018-11-21 09:07


NVD link : CVE-2018-18242

Mitre link : CVE-2018-18242

Products Affected
No products.
CWE