Submit #799570: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection

Title: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection
Description: A SQL injection vulnerability exists in the /adminapi/tools.generator/dataTable endpoint of likeadmin_php. The backend directly concatenates user-supplied input parameters (such as name and comment) into SQL queries without proper sanitization or parameterization. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary SQL statements, leading to sensitive data disclosure, data manipulation, and potentially remote code execution (RCE) under certain conditions.
Source: https://github.com/likeadmin-likeshop/likeadmin_php/issues/8
User: z0ng (UID 96775)
Submission: 08/04/2026 10:48 (19 days ago)
Moderation: 26/04/2026 10:03 (18 days later)
Status: Accepted
VulDB entry: 359658 [likeadmin-likeshop likeadmin_php up to 1.9.6 dataTable Admin API DataTableLists.php queryResult SQL injection]
Points: 20
