Submeter #246653: https://github.com/DedeBIZ/DedeV6 window 6.2 sql注入informação

Títulohttps://github.com/DedeBIZ/DedeV6 window 6.2 sql注入
DescriçãoDedeBIZ V6.2 /src/admin/content_batchup_action.php 中存在 SQL 注入漏洞,危害较大。 [Suggested description] SQL injection vulnerability exists in DedeBIZ V6.2 in /src/admin/content_batchup_action.php [Vulnerability Type] SQL INJECTION [Vendor of Product] https://github.com/DedeBIZ/DedeV6 [Affected Product Code Base] DedeBIZ V6.2 [Affected Component] File: /src/admin/content_batchup_action.php Parameter: endid [Attack Type] Remote [Cause of vulnerability] in /src/admin/content_batchup_action.php,there is possibility of sql injection is the sql statement ‘$dsql->SetQuery("SELECT id FROM `#@__archives` $gwhere");’
Fonte⚠️ https://github.com/ycwxy/test/issues/1
Utilizador
 smallCatCat (UID 59493)
Submissão03/12/2023 08h33 (há 3 anos)
Moderação13/12/2023 08h27 (10 days later)
EstadoAceite
Entrada VulDB247883 [DedeBIZ 6.2 content_batchup_action.php endid Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!