| عنوان | HuangDou UTCMS V9 Execute any SQL statement |
|---|
| الوصف | In the sql.php page, users can execute SQL query statements, but no results will be displayed. The problem is that there is no parameter filtering, and attackers can execute SELECT, CREATE, INSERT and other statements after logging into the backend. |
|---|
| المصدر | ⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE5-3.md |
|---|
| المستخدم | chenzijie0619 (UID 74657) |
|---|
| ارسال | 06/10/2024 04:51 AM (2 سنوات منذ) |
|---|
| الاعتدال | 12/10/2024 06:16 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 280246 [HuangDou UTCMS V9 sql.php RunSql sql حقن SQL] |
|---|
| النقاط | 16 |
|---|