Enviar #639777: yanyutao0402 ChanCMS V3.3.0 Unauthorized SQL injectioninformación

Títuloyanyutao0402 ChanCMS V3.3.0 Unauthorized SQL injection
DescripciónThe search method in app/modules/api/service/Api.js does not perform any verification when passing in the key parameters, and directly splicing the SQL statement.Users can perform SQL injection attacks without logging in and manipulate databases.
Fuente⚠️ https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e5.md
Usuario
 Yu_Bao (UID 89348)
Sumisión2025-08-22 12:16 (hace 10 meses)
Moderación2025-09-10 12:24 (19 days later)
EstadoAceptado
Entrada de VulDB323483 [yanyutao0402 ChanCMS hasta 3.3.0 Api.js search key inyección SQL]
Puntos16

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!