Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
phpcms 2008 in yp/product.php
there is no filter before or after the pagesize value pass to $urlrules
and after template render ,we come to a function which will evaluate the data like below:
so the evalutate will trigger a arbitry command injection.
poc like this: /yp/product.php?pagesize=${@phpinfo()}
The text was updated successfully, but these errors were encountered:
No branches or pull requests
phpcms 2008 in yp/product.php

there is no filter before or after the pagesize value pass to $urlrules

and after template render ,we come to a function which will evaluate the data like below:
so the evalutate will trigger a arbitry command injection.
poc like this:
/yp/product.php?pagesize=${@phpinfo()}
The text was updated successfully, but these errors were encountered: