Soumettre #795348: JizhiCMS JiZhiCMS v2.5.6 SQL injectioninformation

TitreJizhiCMS JiZhiCMS v2.5.6 SQL injection
DescriptionThis feature point decodes user input through the htmlspecialchars_decode() function. The prepended code only performs simple filtering on the user input content. The SQL statement content constructed by the attacker is decoded and directly concatenated into the SQL statement, exploiting time-blind injection to achieve SQL injection.
La source⚠️ https://github.com/qingyun985/Cyber-Security/issues/4
Utilisateur
 qingyunsec (UID 96803)
Soumission02/04/2026 10:36 (il y a 25 jours)
Modérer24/04/2026 20:52 (22 days later)
StatutAccepté
Entrée VulDB359521 [JiZhiCMS jusqu’à 2.5.6 addcache.html htmlspecialchars_decode sqls injection SQL]
Points19

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!