| 标题 | Taokeyun Taokeyun <=1.0.5 SQL Injection |
|---|
| 描述 | The Taokeyun software, version 1.0.5 and below, suffers from a critical SQL Injection vulnerability in the file application/index/controller/app/Video.php. Specifically, the "index" function improperly handles user-supplied input in the 'cid' parameter, leading to potential manipulation of SQL queries. This flaw could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized access, data leakage, or other malicious activities. |
|---|
| 来源 | ⚠️ https://note.zhaoj.in/share/MuWxURhTIYTP |
|---|
| 用户 | glzjin (UID 59815) |
|---|
| 提交 | 2024-01-11 09時03分 (2 年前) |
|---|
| 管理 | 2024-01-12 12時11分 (1 day later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 250587 [Taokeyun 直到 1.0.5 HTTP POST Request Video.php index cid SQL注入] |
|---|
| 积分 | 20 |
|---|