제출 #840800: YzmCMS 7.5 SQL Injection정보

제목YzmCMS 7.5 SQL Injection
설명A SQL Injection vulnerability was discovered in YzmCMS v7.5 during the installation phase. The issue resides in the file `/application/install/index.php`. The application retrieves the user-supplied 'siteurl' input via a POST request and processes it only with the `trim()` function. This variable is then directly concatenated into an UPDATE SQL statement without any sanitization or parameterized preparation (Prepared Statements), and executed via `$pdo->exec()`. Defective Code: $siteurl = trim($_POST['siteurl']); $sql = "UPDATE `".$db_prefix."config` SET `value` = '$siteurl' WHERE `id` = 2"; $pdo->exec($sql); An unauthenticated attacker can exploit this by manipulating the 'siteurl' parameter during the installation process. By using error-based SQL injection payloads (such as `updatexml`), the attacker can extract sensitive information from the database, including the database user, version, and administrator credentials, potentially leading to an administrative account takeover and subsequent Remote Code Execution (RCE) via backend template modifications.
원천⚠️ https://github.com/drose025/security/blob/main/1.md
사용자
 D.Rose (UID 46535)
제출2026. 05. 28. AM 11:19 (1 월 ago)
모더레이션2026. 06. 28. AM 09:59 (1 month later)
상태수락
VulDB 항목374537 [YzmCMS 까지 7.5 index.php siteurl SQL 주입]
포인트들20

Interested in the pricing of exploits?

See the underground prices here!