Enviar #789501: dameng100 MuuCmf T6 cms 1.9.5.20260309 SQL Injectioninformación

Títulodameng100 MuuCmf T6 cms 1.9.5.20260309 SQL Injection
DescripciónLink project: https://gitee.com/dameng100/muucmf/tree/1.9.1.20260103_release CVSS score: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Description: SQL Injection (SQLi) in MuuCmf v1.9.5.20260309 allows an unauthenticated attacker to inject malicious SQL commands via the keyword parameter at the /index/Search/index.html endpoint. This vulnerability enables the extraction of sensitive database information and, depending on server configuration (e.g., secure_file_priv), can be escalated to Remote Code Execution (RCE) by writing a web shell to the server's file system.
Fuente⚠️ https://thinhneee.github.io/posts/muucmf-sqli/
Usuario
 thinhnee (UID 96296)
Sumisión2026-03-26 03:02 (hace 24 días)
Moderación2026-04-18 18:00 (24 days later)
EstadoAceptado
Entrada de VulDB358199 [dameng100 muucmf 1.9.5.20260309 /index/Search/index.html getListByPage keyword inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!