
UCMS

Vulnerability Name: SQL Injection

UCMS has a SQL injection vulnerability in the installation file.

Vulnerability version number:

UCMS v1.4.6

Vulnerability:

high risk

Location

The vulnerability is located in /install/index.php.

Vulnerability Description:

During installation, the database name is not strictly validated, which can lead to stacked query injection.

payload

aa;select if(left((select current_user),4)='root',sleep(3),3);

Suggestions for rectification:

Filter user input data.
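
One way to apply this to the installer's database name, shown as an added example that is not UCMS code: identifiers cannot be bound as prepared-statement parameters, so the name is checked against a strict allowlist before it is placed in SQL. The function names `validate_db_name`, `quote_identifier` and `create_database` are hypothetical, and the use of `mysqli` is an assumption.

```php
<?php
// Added example, not taken from UCMS. All function names are hypothetical.

/**
 * Allowlist check for a database name: ASCII letters, digits and
 * underscore only, 1 to 64 characters (MySQL's identifier length limit).
 * \A and \z anchor the whole string, so a trailing newline is rejected too.
 */
function validate_db_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name) === 1;
}

/** Validate, then quote as a MySQL identifier (backticks doubled as defence in depth). */
function quote_identifier(string $name): string
{
    if (!validate_db_name($name)) {
        throw new InvalidArgumentException('Invalid database name');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Create the database through a single-statement API. */
function create_database(mysqli $db, string $name): void
{
    // mysqli::query() sends one statement; mysqli::multi_query() is the call
    // that accepts several, so it must never receive installer input.
    $sql = 'CREATE DATABASE IF NOT EXISTS ' . quote_identifier($name);
    if (!$db->query($sql)) {
        throw new RuntimeException('CREATE DATABASE failed');
    }
}

// Constructed sample inputs: two legitimate names, the payload quoted in this
// report, a name containing a backtick, and an empty string.
$samples = [
    'ucms',
    'site_db_01',
    "aa;select if(left((select current_user),4)='root',sleep(3),3);",
    'a`b',
    '',
];
foreach ($samples as $s) {
    $verdict = validate_db_name($s) ? 'accepted' : 'rejected';
    printf("%-70s %s\n", var_export($s, true), $verdict);
}
```

Only the first two samples are accepted; the rest are rejected before any SQL is built.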