CVE-2018-18702

Published: 2018-10-29T12:29Z

Last Modified: 2024-11-21T03:56Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt