Security Advisory

CVE-2021-28999

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-08 00:00:00
Last updated 2025-01-29 16:21:36
Assigner mitre
State PUBLISHED

Description

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.