SQL injection vulnerability in maccms10 background #931

Closed
@GxBSXUKing

Description

Vulnerability name: SQL injection
Vulnerability level: Medium risk
Affected version: v2021.1000.1081<=v2022.1000.3031
Vulnerability location:
Log in to the background and click the database function module to select the data batch replacement function
Intercept selection data table
Enter payload to attack
Audit the code. There is no restriction on the type and length of the parameter tables, and there is no token verification
This vulnerability can obtain a large amount of data
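The report attributes the flaw to a table-list parameter with no type or length restriction and to a missing request token. The following is an added example, not code from maccms10 or from the reporter, of a server-side gate for those two conditions; the function names, the `token` field, and the sample table names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not maccms10 code): gate a batch-replace request
// before any table name taken from the request is used to build SQL.

/** Constant-time comparison of the per-session anti-CSRF token. */
function token_ok(?string $sessionToken, mixed $submitted): bool
{
    return is_string($sessionToken) && $sessionToken !== ''
        && is_string($submitted) && hash_equals($sessionToken, $submitted);
}

/**
 * Return the requested tables only if each one is a string, short,
 * identifier-shaped, and present in the list of tables that really exist.
 * $knownTables is assumed to come from the schema, never from the request.
 */
function validate_tables(mixed $tables, array $knownTables, int $maxLen = 64): array
{
    if (!is_array($tables) || $tables === []) {
        throw new InvalidArgumentException('tables must be a non-empty list');
    }
    foreach ($tables as $t) {
        if (!is_string($t) || strlen($t) > $maxLen
            || preg_match('/\A[A-Za-z0-9_]+\z/', $t) !== 1
            || !in_array($t, $knownTables, true)) {
            throw new InvalidArgumentException('rejected table name');
        }
    }
    return array_values(array_unique($tables));
}

// Constructed sample data: table names, token and requests are made up.
$known    = ['mac_vod', 'mac_art', 'mac_user'];
$session  = bin2hex(random_bytes(16));
$requests = [
    ['token' => $session, 'tables' => ['mac_vod', 'mac_art']],             // accepted
    ['token' => $session, 'tables' => ['mac_vod; constructed bad value']], // not an identifier
    ['token' => 'wrong',  'tables' => ['mac_vod']],                        // token mismatch
    ['token' => $session, 'tables' => 'mac_vod'],                          // wrong type
];
foreach ($requests as $i => $req) {
    try {
        if (!token_ok($session, $req['token'] ?? null)) {
            throw new InvalidArgumentException('bad token');
        }
        echo $i, ': ok ', implode(',', validate_tables($req['tables'] ?? null, $known)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $i, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Because table names are identifiers and cannot be bound as query parameters, the allowlist comparison against the existing schema is the control that matters; the length and character checks only reject malformed input early.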
