Invia #688839: wtcms cms 1.0 SQL Injectioninformazioni

Titolowtcms cms 1.0 SQL Injection
DescrizioneA critical SQL Injection vulnerability has been identified in the delete() function within the CommentadminController class of the affected application. The vulnerability arises due to improper neutralization of special elements used in an SQL command (ids parameter). The code directly concatenates user-supplied input from the $_POST['ids'] array into an SQL query without using parameterized queries or proper sanitization, allowing an attacker to execute arbitrary SQL commands on the underlying database.
Fonte⚠️ https://www.yuque.com/shangu-vvuup/ydpg69/mlybdhd2gevo0phu?singleDoc# 《SQL Injection Vulnerability in WTCMS 1.0》
Utente
 sT1TcH (UID 91291)
Sottomissione04/11/2025 14:25 (8 mesi fa)
Moderazione29/11/2025 13:55 (25 days later)
StatoDuplicato
Voce VulDB333787 [taosir WTCMS fino a 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 CommentadminController CommentadminController.class.php check/uncheck/delete ids iniezione SQL]
Punti0

PrecedenteVisione D'ensembleIl prossimo

Might our Artificial Intelligence support you?

Check our Alexa App!