Critical severity9.8NVD Advisory· Published Dec 27, 2018· Updated Jun 17, 2026
CVE-2018-20508
CVE-2018-20508
Description
CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This is related to actionIndex in UserController.php, and the protected\models\User.php search() function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- sourceforge.net/p/crashfix/tickets/21/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.