| Field | Value |
|---|---|
| Title | https://github.com/TeamEasy/EasyCMS EasyCMS v1.6 SQL injection vulnerability |
| Description | A SQL injection vulnerability exists in the /UserAction.class.php file of EasyCMS v1.6. The vulnerability trigger path is /admin/user/index (corresponding URL: http://www.easycms.com/index.php?s=/admin/user/index.html#listusers).<br><br>This vulnerability arises because the _order parameter in the code is not effectively filtered and is directly concatenated into the SQL query statement. Attackers can construct request packets containing malicious code to trigger the vulnerability using time-based blind injection. Verified via the sqlmap tool, the backend database is MySQL ≥ 5.0.12.<br><br>This vulnerability allows attackers to bypass authentication to obtain administrator privileges, steal, tamper with, or delete sensitive data in the database, and even execute system commands to control the server. This can lead to serious security incidents such as data leakage and server compromise, posing a significant threat to system security and data integrity. |
| Source | https://github.com/ueh1013/VULN/issues/15 |
| User | Jonathan_Tang (UID 84714) |
| Submission | 2026-01-05 06:13 AM (5 months ago) |
| Moderation | 2026-01-17 09:34 AM (12 days later) |
| Status | Accepted |
| VulDB entry | 341697 [EasyCMS up to 1.6 /UserAction.class.php _order SQL injection] |
| Points | 20 |
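The root cause described in the submission is a sort parameter spliced verbatim into an `ORDER BY` clause. The PHP below is an added illustration written for this record; it is not EasyCMS's own code, and the table, column names and function names are assumptions. It places the unsafe concatenation pattern next to an allow-list rewrite, which is the standard fix because a column or direction in `ORDER BY` cannot be bound as a prepared-statement parameter.

```php
<?php
// Added illustration, not EasyCMS's code: handling a user-controlled sort
// parameter (named "_order" as in the report) before it reaches ORDER BY.
// The "user" table and its column names below are hypothetical.

// Columns the user list may legitimately be sorted by (hypothetical names).
const ALLOWED_ORDER_COLUMNS = ['id', 'username', 'email', 'create_time'];

// Pattern the report describes: the raw parameter becomes part of the SQL
// text, so anything placed in _order is executed as part of the query.
function buildUserListSqlUnsafe(array $query): string
{
    $order = $query['_order'] ?? 'id desc';
    return "SELECT id, username, email FROM user ORDER BY " . $order;
}

// Hardened version: split the value into column and direction, accept each
// only if it matches a known-good token, and rebuild the clause from those.
function buildUserListSqlSafe(array $query): string
{
    $raw       = trim((string)($query['_order'] ?? 'id desc'));
    $parts     = preg_split('/\s+/', $raw, 2);
    $column    = strtolower($parts[0]);
    $direction = strtoupper($parts[1] ?? 'ASC');

    if (!in_array($column, ALLOWED_ORDER_COLUMNS, true)) {
        $column = 'id';                 // fall back; never echo the input back into SQL
    }
    if ($direction !== 'ASC' && $direction !== 'DESC') {
        $direction = 'ASC';
    }
    return "SELECT id, username, email FROM user ORDER BY `$column` $direction";
}

// Constructed sample requests (not taken from the report).
$benign  = ['_order' => 'username desc'];
$hostile = ['_order' => 'id,(select 1)'];   // not a permitted column token

echo buildUserListSqlSafe($benign), "\n";   // ... ORDER BY `username` DESC
echo buildUserListSqlSafe($hostile), "\n";  // ... ORDER BY `id` ASC (input discarded)
```

For detection, the same allow-list check is a good place to log rejected `_order` values: a burst of rejections on `/admin/user/index` from one client is the signature of the automated probing the report mentions.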