QCMS

The following vulnerabilities are all stored XSS. The root cause is that user input is neither restricted nor filtered.

All of the issues share one description: after logging in as administrator, a user can add or modify records and insert an XSS payload. The code referenced below shows that the add and modify actions place no limits on user input, so an attacker can construct a payload and insert it, resulting in stored XSS.

1

code

QCMS/upload/System/Controller/backend/system.php 9-39

show

2

code

QCMS/upload/System/Controller/backend/album.php 15-144

show

3

code

QCMS/upload/System/Controller/backend/category.php 9-49

show

4

code

QCMS/upload/System/Controller/backend/news.php 9-63

show

5

code

QCMS/upload/System/Controller/backend/product.php 15-157

show

6

code

QCMS/upload/System/Controller/backend/down.php 15-155

show

7

code

QCMS/upload/System/Controller/backend/user.php 11-120

show

8

code

QCMS/upload/System/Controller/backend/slideshow.php 9-43

show
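The root cause described above, unrestricted input on the add and modify actions, is usually closed with two controls: validation when the value is written and HTML encoding when it is rendered. The following is an added example, not QCMS code; the field names, rules and sample submissions are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical per-field rules for a backend add/modify form
// (field names are assumptions, not QCMS's own).
const FIELD_RULES = [
    'title' => ['max' => 120, 'pattern' => '/^[\p{L}\p{N}\p{P}\p{Zs}]+$/u'],
    'sort'  => ['max' => 5,   'pattern' => '/^\d+$/'],
    'link'  => ['max' => 255, 'pattern' => '#^https?://[^\s"\'<>]+$#i'],
];

/** Validate on write: unknown fields are dropped, malformed values are rejected. */
function validate_input(array $input): array
{
    $clean = [];
    foreach (FIELD_RULES as $name => $rule) {
        $value = $input[$name] ?? null;
        if (!is_string($value) || ($value = trim($value)) === ''
            || strlen($value) > $rule['max'] || !preg_match($rule['pattern'], $value)) {
            throw new InvalidArgumentException("Invalid value for field: $name");
        }
        $clean[$name] = $value;
    }
    return $clean;
}

/** Encode on output: a stored value is data, never markup. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions.
$samples = [
    ['title' => 'Spring catalogue', 'sort' => '3', 'link' => 'https://example.com/a'],
    ['title' => '<script>alert(1)</script>', 'sort' => '1', 'link' => 'https://example.com/b'],
    ['title' => 'Tom "T" O\'Neil & Co', 'sort' => '2', 'link' => 'https://example.com/c'],
];
foreach ($samples as $i => $sample) {
    try {
        $row = validate_input($sample);
        printf("#%d stored; rendered as: <a href=\"%s\">%s</a>\n",
            $i, e($row['link']), e($row['title']));
    } catch (InvalidArgumentException $ex) {
        printf("#%d rejected: %s\n", $i, $ex->getMessage());
    }
}
// Encoding also neutralises rows that were saved before validation existed.
echo e('<img src=x onerror=alert(1)>'), "\n";
```

Output encoding is the control that matters for rows already in the database; validation alone does not clean up values stored earlier.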

Vulnerabilities are owned by Patec HanGuang Lab