Submission #799570: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection Info

Title: Guangzhou Duoduo Information Technology Co., Ltd. likeadmin_php <= 1.9.6 SQL Injection
Description: A SQL injection vulnerability exists in the /adminapi/tools.generator/dataTable endpoint of likeadmin_php. The backend directly concatenates user-supplied input parameters (such as name and comment) into SQL queries without proper sanitization or parameterization. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary SQL statements, leading to sensitive data disclosure, data manipulation, and potentially remote code execution (RCE) under certain conditions.
Source: https://github.com/likeadmin-likeshop/likeadmin_php/issues/8
User: z0ng (UID 96775)
Submitted: 2026-04-08 10:48 (19 days ago)
Moderated: 2026-04-26 10:03 (18 days later)
Status: Accepted
VulDB Entry: 359658 [likeadmin-likeshop likeadmin_php up to 1.9.6 dataTable Admin API DataTableLists.php queryResult SQL injection]
Points: 20
