Submission #844293: GitHub eyoucms v1.7.1 SQL Injection

Title: GitHub eyoucms v1.7.1 SQL Injection
Description:

1. Vulnerability Introduction

   - GitHub: https://github.com/weng-xianhu/eyoucms
   - System name: EyouCMS
   - System version: v1.7.1
   - Vulnerability trigger route: /index.php?s=/home/Ask/ajax_show_comment
   - Controlled parameter: click_like
   - Harm: SQL injection; attackers can extract sensitive information such as administrator account passwords from the database by passing in malicious SQL statements.

2. Vulnerability Analysis

   Vulnerable file (model layer): application/home/model/Ask.php

   The GetAskReplyData method accepts the $param['click_like'] parameter, only checks whether it is empty, and if it is not empty concatenates it directly into the ORDER BY clause, then calls ->order() to execute the raw SQL:

       $OrderBy = !empty($param['click_like']) ? 'a.click_like ' . $param['click_like'] . ', a.add_time asc' : 'a.add_time asc';
       ->order($OrderBy)

   Vulnerability trigger file (controller layer): application/home/controller/Ask.php

   In the ajax_show_comment method, the route /home/Ask/ajax_show_comment accepts all parameters via input('param.') and passes them directly into GetAskReplyData without any filtering or validation, resulting in SQL injection:

       public function ajax_show_comment()
       {
           if (IS_AJAX_POST) {
               $param = input('param.'); // No filtering
               $Comment = $this->AskModel->GetAskReplyData($param, $this->parent_id);
           }
       }

3. Vulnerability Reproduction

   Screenshot: https://github.com/dijia4712/picx-images-hosting/raw/master/2.pfzdxyl20.webp
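As an added example (not EyouCMS or the reporter's code), the ORDER BY construction quoted above next to a hardened form that lets the client choose only a sort direction from a fixed allowlist; the function and constant names are hypothetical, and only the a.click_like and a.add_time columns come from the report.

```php
<?php
// Added example, not EyouCMS code: a hardened replacement for the ORDER BY
// construction in Ask::GetAskReplyData. Names are hypothetical.

// The reported construction is, in effect:
//   $OrderBy = !empty($param['click_like'])
//       ? 'a.click_like ' . $param['click_like'] . ', a.add_time asc'
//       : 'a.add_time asc';
// Whatever the client sends in click_like lands verbatim in the SQL, because
// the only check is !empty(), which is not a validity check.

/** Sort directions the client is allowed to request. Nothing else reaches SQL. */
const ALLOWED_SORT_DIRECTIONS = ['asc', 'desc'];

/**
 * Build the ORDER BY fragment for ask replies.
 * Column names stay fixed in code; the client may only pick asc or desc.
 */
function buildAskReplyOrder(array $param): string
{
    $dir = isset($param['click_like'])
        ? strtolower(trim((string) $param['click_like']))
        : '';
    if ($dir === '') {
        return 'a.add_time asc';
    }
    // Allowlist with strict comparison: reject anything not exactly asc/desc
    // rather than trying to strip "bad" characters from free-form input.
    if (!in_array($dir, ALLOWED_SORT_DIRECTIONS, true)) {
        throw new InvalidArgumentException('click_like must be asc or desc');
    }
    return 'a.click_like ' . $dir . ', a.add_time asc';
}

// Constructed inputs: the default, an allowed direction, and a rejected value.
assert(buildAskReplyOrder([]) === 'a.add_time asc');
assert(buildAskReplyOrder(['click_like' => 'DESC']) === 'a.click_like desc, a.add_time asc');
try {
    buildAskReplyOrder(['click_like' => 'sideways']);
    echo "unexpected: invalid direction was accepted\n";
} catch (InvalidArgumentException $e) {
    echo "rejected as expected: {$e->getMessage()}\n";
}
```

The same allowlist belongs at the controller boundary as well, since ajax_show_comment currently hands the whole input('param.') array to the model; ThinkPHP's order() also accepts an array of column => direction pairs, which keeps the column name and the validated direction as separate values.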
Source: https://github.com/weng-xianhu/eyoucms/issues/68
User: dijia1234 (UID 98657)
Submitted: May 31, 2026, 05:56 PM (1 month ago)
Moderated: June 28, 2026, 08:27 PM (28 days later)
Status: Duplicate
VulDB Entry: 374577 [weng-xianhu EyouCMS up to 1.7.1 API /index.php click_like SQL Injection]
Points: 0