Submission #795348: JizhiCMS JiZhiCMS v2.5.6 SQL injection

Title: JizhiCMS JiZhiCMS v2.5.6 SQL injection
Description: This feature point decodes user input through the htmlspecialchars_decode() function. The prepended code only performs simple filtering on the user input content. The SQL statement content constructed by the attacker is decoded and directly concatenated into the SQL statement, exploiting time-blind injection to achieve SQL injection.
Source: ⚠️ https://github.com/qingyun985/Cyber-Security/issues/4
User: qingyunsec (UID 96803)
Submission: 02/04/2026 10:36 AM (24 days ago)
Moderation: 24/04/2026 08:52 PM (22 days later)
Status: Accepted
VulDB entry: 359521 [JiZhiCMS up to 2.5.6 addcache.html htmlspecialchars_decode sqls SQL injection]
Points: 19
