Submit #799570: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection

Title: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection
Description: A SQL injection vulnerability exists in the /adminapi/tools.generator/dataTable endpoint of likeadmin_php. The backend directly concatenates user-supplied input parameters (such as name and comment) into SQL queries without proper sanitization or parameterization. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary SQL statements, leading to sensitive data disclosure, data manipulation, and potentially remote code execution (RCE) under certain conditions.
Source: https://github.com/likeadmin-likeshop/likeadmin_php/issues/8
User: z0ng (UID 96775)
Submission: 08/04/2026 10:48 (19 days ago)
Moderation: 26/04/2026 10:03 (18 days later)
Status: Accepted
VulDB entry: 359658 [likeadmin-likeshop likeadmin_php up to 1.9.6 dataTable Admin API DataTableLists.php queryResult SQL injection]
Points: 20