Open
Description
Brief of this vulnerability
EmpireCMS v7.5 has sql injection vulnerability in adding advertisement category
Test Environment
- Windows10
- PHP 5.5.9+Apache/2.4.39
Affect version
EmpireCMS 7.5
Vulnerable Code
e\admin\tool\AdClass.php line 30
The variable $add passed in by the AddAdClass function is inserted into the sql statement without any filtering, resulting in a sql injection vulnerability
Vulnerability display
First enter the background
Click as shown,go to the ad management module
Click to add and capture the packet
Modify parameters
payload:add%5Bclassname%5D=2bob' or updatexml(1,concat(0x7e,version()),0) or '
Successfully obtained the database version number
Metadata
Assignees
Labels
No labels





