| Titolo | DedeBIZ CMS v6.3.2 archives_add.php SQL Injection |
|---|
| Descrizione | SQL Injection Vulnerability in DedeCMS archives_add.php File via flags[] Parameter
A critical sql injection vulnerability has been identified in DedeBIZ CMS version 6.3.2.The vulnerability is in admin/archives_add.php.In the document publishing function of DedeCMS, the archives_add.php file improperly handles the flags[] array parameter without adequate filtering and escaping, allowing attackers to perform SQL injection attacks by constructing malicious flags array parameters. An immediate remedy is recommended, To protect the system from potential attacks. |
|---|
| Fonte | ⚠️ https://github.com/ZZCTD/zz_test/issues/4 |
|---|
| Utente | Anonymous User |
|---|
| Sottomissione | 24/10/2025 04:09 (8 mesi fa) |
|---|
| Moderazione | 09/11/2025 08:00 (16 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 331647 [DedeBIZ fino a 6.3.2 /admin/archives_add.php flags[] iniezione SQL] |
|---|
| Punti | 20 |
|---|