| タイトル | Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection |
|---|
| 説明 | A SQL injection vulnerability exists in the /adminapi/tools.generator/dataTable endpoint of likeadmin_php. The backend directly concatenates user-supplied input parameters (such as name and comment) into SQL queries without proper sanitization or parameterization. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary SQL statements, leading to sensitive data disclosure, data manipulation, and potentially remote code execution (RCE) under certain conditions. |
|---|
| ソース | ⚠️ https://github.com/likeadmin-likeshop/likeadmin_php/issues/8 |
|---|
| ユーザー | z0ng (UID 96775) |
|---|
| 送信 | 2026年04月08日 10:48 (19 日 ago) |
|---|
| モデレーション | 2026年04月26日 10:03 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 359658 [likeadmin-likeshop likeadmin_php 迄 1.9.6 dataTable Admin API DataTableLists.php queryResult SQLインジェクション] |
|---|
| ポイント | 20 |
|---|