You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Needs an account of normal user with edit module permissions.
in BigTree\core\admin\auto-modules\forms\process.php:
get tags parameter: $tags = $_POST["_tags"];
call updateItem() or createItem() with tags: BigTreeAutoModule::updateItem($table,$edit_id,$item,$many_to_many,$tags);
in updateItem() or createItem():
foreach ($tags as $tag) {
sqlquery("DELETE FROM bigtree_tags_rel WHERE 'table' = '".sqlescape($table)."' AND entry = $id AND tag = $tag");
sqlquery("INSERT INTO bigtree_tags_rel ('table','entry','tag') VALUES ('".sqlescape($table)."',$id,$tag)");
}
call sqlquery() without sqlescape() the tag parameter. cause sql injection
SQL injection in bigtreecms 4.2.18
Needs an account of normal user with edit module permissions.
in BigTree\core\admin\auto-modules\forms\process.php:
get tags parameter:
$tags = $_POST["_tags"];
call updateItem() or createItem() with tags:
BigTreeAutoModule::updateItem($table,$edit_id,$item,$many_to_many,$tags);
in updateItem() or createItem():
call sqlquery() without sqlescape() the tag parameter. cause sql injection
to exploit:
The text was updated successfully, but these errors were encountered: