SQL injection vulnerability in maccms10 background #931

Closed
GxBSXUKing opened this issue Jul 1, 2022 · 1 comment
@GxBSXUKing

Vulnerability name: SQL injection
Vulnerability level: Medium risk
Affected version: v2021.1000.1081<=v2022.1000.3031
Vulnerability location:
Log in to the background, click the database function module, and select the data batch replacement function.
Intercept the request that selects the data table.
Enter the payload to attack.
Audit the code. There is no restriction on the type and length of the parameter `tables`, and there is no token verification.
This vulnerability can be used to obtain a large amount of data.
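
The audit finding above (no type or length restriction on `tables`, no token verification) names the checks such a handler needs before a table name reaches a SQL statement. The following is an added example, not code from this issue or from maccms10 and not the project's actual fix: `validate_tables`, the sample table names and the token handling are hypothetical, and it assumes `tables` arrives as a list of table names.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not maccms10 code): validates the `tables` request
// parameter and the request token before any table name is used in SQL.
function validate_tables($tables, array $known, string $sent, string $expected): array
{
    // Token check: the request must carry the session's anti-CSRF token.
    if ($expected === '' || !hash_equals($expected, $sent)) {
        throw new InvalidArgumentException('invalid request token');
    }
    // Type and count check: a non-empty list, no longer than the schema itself.
    if (!is_array($tables) || $tables === [] || count($tables) > count($known)) {
        throw new InvalidArgumentException('tables must be a non-empty list');
    }
    $clean = [];
    foreach ($tables as $name) {
        // Length and character-set check: plain identifiers of 1 to 64 characters.
        if (!is_string($name) || preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name) !== 1) {
            throw new InvalidArgumentException('malformed table name');
        }
        // Allowlist check: only tables that actually exist in the schema.
        if (!in_array($name, $known, true)) {
            throw new InvalidArgumentException('unknown table name');
        }
        $clean[] = $name;
    }
    return array_values(array_unique($clean));
}

// Constructed sample data: table names and inputs are illustrative only.
$known = ['mac_vod', 'mac_art', 'mac_type'];
$token = bin2hex(random_bytes(16));
$samples = [
    'plain name'       => ['mac_vod'],
    'name with quote'  => ["mac_vod'"],
    'string, not list' => 'mac_vod',
    'unknown table'    => ['other_table'],
];
foreach ($samples as $label => $input) {
    try {
        $ok = validate_tables($input, $known, $token, $token);
        echo "$label: accepted " . implode(',', $ok) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected (" . $e->getMessage() . ')' . PHP_EOL;
    }
}
```

Table names cannot be bound as prepared-statement parameters, which is why the allowlist comparison, not escaping, is the control that matters here.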

@magicblack
Owner

Fixed, thanks for your hard work.
