Submit #795348: JizhiCMS JiZhiCMS v2.5.6 SQL injection

Title: JizhiCMS JiZhiCMS v2.5.6 SQL injection
Description: This feature point decodes user input through the htmlspecialchars_decode() function. The prepended code only performs simple filtering on the user input content. The SQL statement content constructed by the attacker is decoded and directly concatenated into the SQL statement, exploiting time-blind injection to achieve SQL injection.
Source: ⚠️ https://github.com/qingyun985/Cyber-Security/issues/4
User: qingyunsec (UID 96803)
Submission: 2026-04-02 10:36 (24 days ago)
Moderation: 2026-04-24 20:52 (22 days later)
Status: Accepted
VulDB entry: 359521 [JiZhiCMS up to 2.5.6 addcache.html htmlspecialchars_decode sqls SQL injection]
Points: 19