Security Advisory
CVE-2021-40961
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the .