提交 #844292: GitHub eyoucms v1.7.1 SQL Injection信息

标题	GitHub eyoucms v1.7.1 SQL Injection
描述	1. Vulnerability Introduction github地址:https://github.com/weng-xianhu/eyoucms/issues/68 -System Name: EyouCMS -System version: v1.7.1 -Vulnerability triggers routing:/index. php? s=/home/Ask/ajax_show_comment -Control parameter: click_ike -Harm: SQL injection, attackers can extract sensitive information such as administrator account passwords from the database by passing in malicious SQL statements 2. Vulnerability Analysis Vulnerable File (Model layer): application/home/model/Ask.php The GetAskReplyData method accepts the $param['click_like'] parameter, only checks whether the parameter is empty, and if not empty, directly concatenates it into the ORDER BY clause, then calls ->order() to execute the raw SQL: $OrderBy = !empty($param['click_like']) ? 'a.click_like ' . $param['click_like'] . ', a.add_time asc' : 'a.add_time asc'; ->order($OrderBy) Vulnerable Trigger File (Controller layer): application/home/controller/Ask.php In the ajax_show_comment method, the route /home/Ask/ajax_show_comment accepts all parameters via input('param.') and directly passes them into the GetAskReplyData method without any filtering or validation, resulting in SQL injection: public function ajax_show_comment() { if (IS_AJAX_POST) { $param = input('param.'); // No filtering $Comment = $this->AskModel->GetAskReplyData($param, $this->parent_id); } } 3. Vulnerability reproduction https://private-user-images.githubusercontent.com/171806284/600611717-2ae821a6-363a-4440-bf02-8ceff68feb46.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3ODAyNDI5MjYsIm5iZiI6MTc4MDI0MjYyNiwicGF0aCI6Ii8xNzE4MDYyODQvNjAwNjExNzE3LTJhZTgyMWE2LTM2M2EtNDQ0MC1iZjAyLThjZWZmNjhmZWI0Ni5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjYwNTMxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI2MDUzMVQxNTUwMjZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT05YmJkZDVlMzk3N2IzY2U0Yzg1YmZmNGZkNWRiN2ZkYWNiOWNjMDc3ZmJlMmRhODVlMzdjNGU0ZGUzYjI3NDI4JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZyZXNwb25zZS1jb250ZW50LXR5cGU9aW1hZ2UlMkZwbmcifQ.2wzDxdyZ2qBPa3xVfI6KOr5TWfaKpHVpHvQAetIPSgc
来源	⚠️ https://github.com/weng-xianhu/eyoucms/issues/68
用户	dijia1234 (UID 98657)
提交	2026-05-31 17時51分 (29 日前)
管理	2026-06-28 20時27分 (28 days later)
状态	已接受
VulDB条目	374577 [weng-xianhu EyouCMS 直到 1.7.1 API /index.php click_like SQL注入]
积分	20

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!