Background SQL injection
Source address
https://github.com/alexlang24/bloofoxCMS/archive/refs/heads/master.zip
Injection exists at /admin/index.php?mode=content&page=pages&action=edit&eid=1

Locating the corresponding source code through the page information shows that most of the $_POST[] data has a filter function, validate_text().


Only 'eid' does not have the filter added.
Test page


Sqlmap result display

Protection suggestion
Add the filter function validate_text() to $_POST['eid'].
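
The body of validate_text() is not shown in this report, so the following added example (not bloofoxCMS code and not the reporter's) uses a different technique for the same parameter: strict integer validation of `eid` plus a bound query parameter. The helper names `parse_eid` and `load_page`, the `pages` table layout and the in-memory SQLite database (requires PHP 8 with pdo_sqlite) are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper and table names; not bloofoxCMS code.

// Accept 'eid' only if it is a positive decimal integer; otherwise return null.
function parse_eid(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (eid[]=1) and other types are rejected
    }
    $eid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $eid === false ? null : $eid;
}

// Look up one page row with the id bound as a parameter, never concatenated.
function load_page(PDO $db, mixed $rawEid): ?array
{
    $eid = parse_eid($rawEid);
    if ($eid === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = :eid');
    $stmt->bindValue(':eid', $eid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'Home'), (2, 'Contact')");

// Constructed inputs: two normal ids, then values that must be rejected.
foreach (['1', '2', '1 OR 1=1', "1'", '', ['1'], '-5'] as $input) {
    $row = load_page($db, $input);
    printf("%-12s => %s\n", json_encode($input), $row ? $row['title'] : 'rejected');
}
```

Validation alone narrows what reaches the query; the bound parameter is what keeps the value out of the SQL text even if the validation is later relaxed.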