schoolcms schoolcms2.3.1 2.3.1 SQL injectioninfo

Title	https://github.com/gongfuxiang/schoolcms schoolcms2.3.1 2.3.1 SQL injection
Description	This source code is developed using thinkphp 3.2.3 framework, There is a historical SQL injection vulnerability in the thinkphp3.2.3 framework,and if there are controllable variables in the find(), selete(), and delete() functions, there will be SQL injection，The variable id is a controllable variable
Source	⚠️ https://github.com/adminnerr/cve/issues/1
User	kai_kk (UID 85022)
Submission	05/07/2025 08:49 (1 Year ago)
Moderation	05/15/2025 18:14 (8 days later)
Status	Accepted
VulDB entry	309105 [gongfuxiang schoolcms 2.3.1 index.php?m=Admin&c=article&a=SaveInfo ID sql injection]
Points	18

Do you want to use VulDB in your project?

Use the official API to access entries easily!