| Название | Taokeyun Taokeyun <=1.0.5 SQL Injection |
|---|
| Описание | The Taokeyun software, version 1.0.5 and below, suffers from a critical SQL Injection vulnerability in the file application/index/controller/app/Video.php. Specifically, the "index" function improperly handles user-supplied input in the 'cid' parameter, leading to potential manipulation of SQL queries. This flaw could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access, data leakage, or other malicious activities. |
|---|
| Источник | ⚠️ https://note.zhaoj.in/share/MuWxURhTIYTP |
|---|
| Пользователь | glzjin (UID 59815) |
|---|
| Представление | 11.01.2024 09:03 (2 лет назад) |
|---|
| Модерация | 12.01.2024 12:11 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 250587 [Taokeyun до 1.0.5 HTTP POST Request Video.php index cid SQL-инъекция] |
|---|
| Баллы | 20 |
|---|