2018-03-01 18:00:00
mitre
PUBLISHED
applicationadmincontrollerupdate_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.