| Title | Boyun Boyun PHPCMS <=1.4.20 SQL Injection |
|---|---|
| Description | A SQL injection vulnerability exists in BoYun PHPCMS (≤1.4.20) within the application/update/controller/Server.php file. The application fails to properly sanitize user-supplied input, such as the phone parameter, before incorporating it directly into SQL queries. This flaw allows remote attackers to manipulate database queries by injecting arbitrary SQL commands, potentially leading to unauthorized data access, modification, or even full database compromise. The vulnerability appears to stem from leftover or legacy test code that was not removed from the production release. |
| Source | ⚠️ https://note-hxlab.wetolink.com/share/sEjaSsXWRNz1 |
| User | YELEIPENG (UID 73615) |
| Submission | 26.06.2025 07:59 (10 months ago) |
| Moderation | 05.07.2025 19:39 (9 days later) |
| Status | Accepted |
| VulDB entry | 315016 [BoyunCMS up to 1.4.20 Server.php phone SQL Injection] |
| Points | 20 |