Submeter #517927: fastcms v0.1.5 SQL injection vulnerabilityinformação

Títulofastcms v0.1.5 SQL injection vulnerability
DescriçãoThe `client/article/list` interface of fastcms_v0.1.5 contains a SQL injection vulnerability. Attackers can exploit this vulnerability by constructing special SQL statements through the `orderBy` parameter, achieving the effect of SQL time-based blind injection, and thereby stealing sensitive information from the database.
Fonte⚠️ https://github.com/IceFoxH/VULN/issues/8
Utilizador
 icefoxh (UID 82165)
Submissão11/03/2025 07h48 (há 1 Ano)
Moderação21/03/2025 08h18 (10 days later)
EstadoDuplicado
Entrada VulDB300577 [FastCMS até 0.1.5 /api/client/article/list orderBy Injeção SQL]
Pontos0

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!