| 제목 | dameng100 MuuCmf T6 cms 1.9.5.20260309 SQL Injection |
|---|
| 설명 | Link project: https://gitee.com/dameng100/muucmf/tree/1.9.1.20260103_release
CVSS score: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description: SQL Injection (SQLi) in MuuCmf v1.9.5.20260309 allows an unauthenticated attacker to inject malicious SQL commands via the keyword parameter at the /index/Search/index.html endpoint. This vulnerability enables the extraction of sensitive database information and, depending on server configuration (e.g., secure_file_priv), can be escalated to Remote Code Execution (RCE) by writing a web shell to the server's file system. |
|---|
| 원천 | ⚠️ https://thinhneee.github.io/posts/muucmf-sqli/ |
|---|
| 사용자 | thinhnee (UID 96296) |
|---|
| 제출 | 2026. 03. 26. AM 03:02 (24 날 ago) |
|---|
| 모더레이션 | 2026. 04. 18. PM 06:00 (24 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 358199 [dameng100 muucmf 1.9.5.20260309 /index/Search/index.html getListByPage keyword SQL 주입] |
|---|
| 포인트들 | 20 |
|---|