| عنوان | DedeCMS DedeCMS Content Management System V5.7.88 SQL Injection |
|---|
| الوصف | A Medium-severity SQL Injection vulnerability exists in the flink.php component of DedeCMS, affecting versions: V5.7.88. The vulnerability occurs in the friend link application function, where user-controlled parameters (url, webname, logo, msg, email) are only processed by the dede_htmlspecialchars() function. This function converts special characters into HTML entities (e.g., ' to ') but does not perform SQL escaping—HTML entity encoding is completely ineffective in SQL contexts. These unescaped parameters are directly concatenated into an INSERT SQL statement at lines 34-35 of flink.php.
Example payloads (POST request, any of the following parameters):
1. Using webname parameter:
POST /plus/flink.php
Parameter: webname=test' UNION SELECT 1,2,admin,pwd,5,6,7 FROM dede_admin-- -
2. Using msg parameter:
POST /plus/flink.php
Parameter: msg=test' UNION SELECT 1,2,admin,pwd,5,6,7 FROM dede_admin-- -
Successful exploitation allows unauthenticated remote attackers to execute arbitrary SQL queries, extract administrator account credentials, and manipulate database data. This vulnerability is easily exploitable (no complex bypass required) because the application only performs HTML filtering, not SQL escaping, making it a straightforward injection vector.
Vulnerability code location: flink.php lines 27-36, where user input is processed with dede_htmlspecialchars() and directly concatenated into the INSERT query without proper SQL protection. |
|---|
| المستخدم | R21Z20 (UID 97129) |
|---|
| ارسال | 14/05/2026 07:25 AM (23 أيام منذ) |
|---|
| الاعتدال | 02/06/2026 01:30 PM (19 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367914 [DedeCMS 5.7.88 /plus/flink.php dede_htmlspecialchars msg حقن SQL] |
|---|
| النقاط | 17 |
|---|