| Название | HuangDou UTCMS V9 Execute any SQL statement |
|---|
| Описание | In the sql.php page, users can execute SQL query statements, but no results will be displayed. The problem is that there is no parameter filtering, and attackers can execute SELECT, CREATE, INSERT and other statements after logging into the backend. |
|---|
| Источник | ⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE5-3.md |
|---|
| Пользователь | chenzijie0619 (UID 74657) |
|---|
| Представление | 06.10.2024 04:51 (2 лет назад) |
|---|
| Модерация | 12.10.2024 18:16 (7 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 280246 [HuangDou UTCMS V9 sql.php RunSql sql SQL-инъекция] |
|---|
| Баллы | 16 |
|---|