Submit #795348: JizhiCMS JiZhiCMS v2.5.6 SQL injection

Title: JizhiCMS JiZhiCMS v2.5.6 SQL injection
Description: This feature point decodes user input through the htmlspecialchars_decode() function. The prepended code only performs simple filtering on the user input content. The SQL statement content constructed by the attacker is decoded and directly concatenated into the SQL statement, exploiting time-blind injection to achieve SQL injection.
Source: ⚠️ https://github.com/qingyun985/Cyber-Security/issues/4
User: qingyunsec (UID 96803)
Submission: 02/04/2026 10:36 (25 days ago)
Moderation: 24/04/2026 20:52 (22 days later)
Status: Accepted
VulDB entry: 359521 [JiZhiCMS up to 2.5.6 addcache.html htmlspecialchars_decode sqls SQL injection]
Points: 19
