| 제목 | DedeCMS DedeCMS Content Management System V5.7.88 SQL Injection |
|---|
| 설명 | A Medium-severity SQL Injection vulnerability exists in the flink.php component of DedeCMS, affecting versions: V5.7.88. The vulnerability occurs in the friend link application function, where user-controlled parameters (url, webname, logo, msg, email) are only processed by the dede_htmlspecialchars() function. This function converts special characters into HTML entities (e.g., ' to ') but does not perform SQL escaping—HTML entity encoding is completely ineffective in SQL contexts. These unescaped parameters are directly concatenated into an INSERT SQL statement at lines 34-35 of flink.php.
Example payloads (POST request, any of the following parameters):
1. Using webname parameter:
POST /plus/flink.php
Parameter: webname=test' UNION SELECT 1,2,admin,pwd,5,6,7 FROM dede_admin-- -
2. Using msg parameter:
POST /plus/flink.php
Parameter: msg=test' UNION SELECT 1,2,admin,pwd,5,6,7 FROM dede_admin-- -
Successful exploitation allows unauthenticated remote attackers to execute arbitrary SQL queries, extract administrator account credentials, and manipulate database data. This vulnerability is easily exploitable (no complex bypass required) because the application only performs HTML filtering, not SQL escaping, making it a straightforward injection vector.
Vulnerability code location: flink.php lines 27-36, where user input is processed with dede_htmlspecialchars() and directly concatenated into the INSERT query without proper SQL protection. |
|---|
| 사용자 | R21Z20 (UID 97129) |
|---|
| 제출 | 2026. 05. 14. AM 07:25 (21 날 ago) |
|---|
| 모더레이션 | 2026. 06. 02. PM 01:30 (19 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 367914 [DedeCMS 5.7.88 /plus/flink.php dede_htmlspecialchars msg SQL 주입] |
|---|
| 포인트들 | 17 |
|---|