Submit #799570: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injectioninfo

TitleGuangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection
DescriptionA SQL injection vulnerability exists in the /adminapi/tools.generator/dataTable endpoint of likeadmin_php. The backend directly concatenates user-supplied input parameters (such as name and comment) into SQL queries without proper sanitization or parameterization. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary SQL statements, leading to sensitive data disclosure, data manipulation, and potentially remote code execution (RCE) under certain conditions.
Source⚠️ https://github.com/likeadmin-likeshop/likeadmin_php/issues/8
User
 z0ng (UID 96775)
Submission04/08/2026 10:48 (19 days ago)
Moderation04/26/2026 10:03 (18 days later)
StatusAccepted
VulDB entry359658 [likeadmin-likeshop likeadmin_php up to 1.9.6 dataTable Admin API DataTableLists.php queryResult sql injection]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!