Submission #576286: foxcms v1.2.5 SQL Injection

Information

Title: foxcms v1.2.5 SQL Injection
Description: A SQL injection vulnerability exists in the batchCope method of the controller located at app/admin/controller/Article.php. Due to improper handling of the ids parameter, user input is directly embedded into a raw SQL query without validation or parameterization. This allows an authenticated attacker to inject arbitrary SQL statements, potentially leading to unauthorized access, extraction of sensitive data, or full compromise of the underlying database.
Source: ⚠️ https://github.com/xiaoyangsec/foxcms_sql_injection/blob/main/foxcms_sql_injection.md
User: xiaoyang (UID 84496)
Submission: 13/05/2025 11:47 AM (1 year ago)
Moderation: 25/05/2025 12:27 AM (12 days later)
Status: Accepted
VulDB entry: 310243 [qianfox FoxCMS 1.2.5 Article.php batchCope ids SQL injection]
Points: 20
