| 제목 | DedeBIZ CMS v6.3.2 archives_add.php SQL Injection |
|---|
| 설명 | SQL Injection Vulnerability in DedeCMS archives_add.php File via flags[] Parameter
A critical sql injection vulnerability has been identified in DedeBIZ CMS version 6.3.2.The vulnerability is in admin/archives_add.php.In the document publishing function of DedeCMS, the archives_add.php file improperly handles the flags[] array parameter without adequate filtering and escaping, allowing attackers to perform SQL injection attacks by constructing malicious flags array parameters. An immediate remedy is recommended, To protect the system from potential attacks. |
|---|
| 원천 | ⚠️ https://github.com/ZZCTD/zz_test/issues/4 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 10. 24. AM 04:09 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 11. 09. AM 08:00 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 331647 [DedeBIZ 까지 6.3.2 /admin/archives_add.php flags[] SQL 주입] |
|---|
| 포인트들 | 20 |
|---|