Needs an account of normal user with edit module permissions.
in BigTree\core\admin\auto-modules\forms\process.php:
get tags parameter: $tags = $_POST["_tags"];
call updateItem() or createItem() with tags: BigTreeAutoModule::updateItem($table,$edit_id,$item,$many_to_many,$tags);
in updateItem() or createItem():
foreach ($tags as $tag) {
sqlquery("DELETE FROM bigtree_tags_rel WHERE 'table' = '".sqlescape($table)."' AND entry = $id AND tag = $tag");
sqlquery("INSERT INTO bigtree_tags_rel ('table','entry','tag') VALUES ('".sqlescape($table)."',$id,$tag)");
}
call sqlquery() without sqlescape() the tag parameter. cause sql injection
SQL injection in bigtreecms 4.2.18
Needs an account of normal user with edit module permissions.
in BigTree\core\admin\auto-modules\forms\process.php:
get tags parameter:
$tags = $_POST["_tags"];call updateItem() or createItem() with tags:
BigTreeAutoModule::updateItem($table,$edit_id,$item,$many_to_many,$tags);in updateItem() or createItem():
call sqlquery() without sqlescape() the tag parameter. cause sql injection
to exploit:
The text was updated successfully, but these errors were encountered: