| عنوان | https://github.com/DedeBIZ/DedeV6 window 6.2 sql注入 |
|---|
| الوصف | DedeBIZ V6.2 /src/admin/content_batchup_action.php 中存在 SQL 注入漏洞,危害较大。
[Suggested description]
SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/content_batchup_action.php
[Vulnerability Type]
SQL INJECTION
[Vendor of Product]
https://github.com/DedeBIZ/DedeV6
[Affected Product Code Base]
DedeBIZ V6.2
[Affected Component]
File: /src/admin/content_batchup_action.php
Parameter: endid
[Attack Type]
Remote
[Cause of vulnerability]
in /src/admin/content_batchup_action.php,there is possibility of sql injection is the sql statement ‘$dsql->SetQuery("SELECT id FROM `#@__archives` $gwhere");’
|
|---|
| المصدر | ⚠️ https://github.com/ycwxy/test/issues/1 |
|---|
| المستخدم | smallCatCat (UID 59493) |
|---|
| ارسال | 03/12/2023 08:33 AM (3 سنوات منذ) |
|---|
| الاعتدال | 13/12/2023 08:27 AM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 247883 [DedeBIZ 6.2 content_batchup_action.php endid حقن SQL] |
|---|
| النقاط | 20 |
|---|