| Title | wtcms cms 1.0 SQL Injection |
|---|---|
| Description | A critical SQL Injection vulnerability has been identified in the delete() function within the SlideController class of the affected application. The vulnerability arises due to improper neutralization of special elements used in an SQL command (ids parameter). The code directly concatenates user-supplied input into an SQL query without using parameterized queries or proper sanitization, allowing an unauthenticated remote attacker to execute arbitrary SQL commands on the underlying database. |
| Source | https://www.yuque.com/shangu-vvuup/ydpg69/amhlbdhkw0pgt44g?singleDoc# 《SQL Injection Vulnerability in WTCMS 1.0》 |
| User | sT1TcH (UID 91291) |
| Submission | 04/11/2025 02:22 PM (8 months ago) |
| Moderation | 29/11/2025 01:55 PM (25 days later) |
| Status | Accepted |
| VulDB entry | 333786 [taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 SlideController SlideController.class.php delete ids SQL injection] |
| Points | 20 |