Submit #681507: DedeBIZ CMS v6.3.2 archives_add.php SQL Injectioninfo

TitleDedeBIZ CMS v6.3.2 archives_add.php SQL Injection
DescriptionSQL Injection Vulnerability in DedeCMS archives_add.php File via flags[] Parameter A critical sql injection vulnerability has been identified in DedeBIZ CMS version 6.3.2.The vulnerability is in admin/archives_add.php.In the document publishing function of DedeCMS, the archives_add.php file improperly handles the flags[] array parameter without adequate filtering and escaping, allowing attackers to perform SQL injection attacks by constructing malicious flags array parameters. An immediate remedy is recommended, To protect the system from potential attacks.
Source⚠️ https://github.com/ZZCTD/zz_test/issues/4
User
 Anonymous User
Submission10/24/2025 04:09 (8 months ago)
Moderation11/09/2025 08:00 (16 days later)
StatusAccepted
VulDB entry331647 [DedeBIZ up to 6.3.2 /admin/archives_add.php flags[] sql injection]
Points20

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!