제출 #246653: https://github.com/DedeBIZ/DedeV6 window 6.2 sql注入정보

제목https://github.com/DedeBIZ/DedeV6 window 6.2 sql注入
설명DedeBIZ V6.2 /src/admin/content_batchup_action.php 中存在 SQL 注入漏洞,危害较大。 [Suggested description] SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/content_batchup_action.php [Vulnerability Type] SQL INJECTION [Vendor of Product] https://github.com/DedeBIZ/DedeV6 [Affected Product Code Base] DedeBIZ V6.2 [Affected Component] File: /src/admin/content_batchup_action.php Parameter: endid [Attack Type] Remote [Cause of vulnerability] in /src/admin/content_batchup_action.php,there is possibility of sql injection is the sql statement ‘$dsql->SetQuery("SELECT id FROM `#@__archives` $gwhere");’
원천⚠️ https://github.com/ycwxy/test/issues/1
사용자
 smallCatCat (UID 59493)
제출2023. 12. 03. AM 08:33 (3 연령 ago)
모더레이션2023. 12. 13. AM 08:27 (10 days later)
상태수락
VulDB 항목247883 [DedeBIZ 6.2 content_batchup_action.php endid SQL 주입]
포인트들20

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!