| Title | https://github.com/TeamEasy/EasyCMS EasyCMS v1.6 SQL injection vulnerability |
|---|---|
| Description | A SQL injection vulnerability exists in the /UserAction.class.php file of EasyCMS v1.6. The vulnerability trigger path is /admin/user/index (corresponding URL: http://www.easycms.com/index.php?s=/admin/user/index.html#listusers).<br>This vulnerability arises because the _order parameter in the code is not effectively filtered and is directly concatenated into the SQL query statement. Attackers can construct request packets containing malicious code to trigger the vulnerability using time-based blind injection. Verified via the sqlmap tool, the backend database is MySQL ≥ 5.0.12.<br>This vulnerability allows attackers to bypass authentication to obtain administrator privileges; steal, tamper with, or delete sensitive data in the database; and even execute system commands to control the server. This can lead to serious security incidents such as data leakage and server compromise, posing a significant threat to system security and data integrity. |
| Source | https://github.com/ueh1013/VULN/issues/15 |
| User | Jonathan_Tang (UID 84714) |
| Submission | 05.01.2026 06:13 (5 months ago) |
| Moderation | 17.01.2026 09:34 (12 days later) |
| Status | Accepted |
| VulDB Entry | 341697 [EasyCMS up to 1.6 /UserAction.class.php _order SQL Injection] |
| Points | 20 |