| 제목 | JizhiCMS JiZhiCMS v2.5.6 SQL injection |
|---|
| 설명 | This feature point decodes user input through the htmlspecialchars_decode() function. The prepended code only performs simple filtering on the user input content. The SQL statement content constructed by the attacker is decoded and directly concatenated into the SQL statement, exploiting time-blind injection to achieve SQL injection. |
|---|
| 원천 | ⚠️ https://github.com/qingyun985/Cyber-Security/issues/4 |
|---|
| 사용자 | qingyunsec (UID 96803) |
|---|
| 제출 | 2026. 04. 02. AM 10:36 (26 날 ago) |
|---|
| 모더레이션 | 2026. 04. 24. PM 08:52 (22 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359521 [JiZhiCMS 까지 2.5.6 addcache.html htmlspecialchars_decode sqls SQL 주입] |
|---|
| 포인트들 | 19 |
|---|