[sql injection] #61
Comments
I found some unsafe methods that cause a lot of problems. I hope this helps you.
Method issue
You can see this in Db.class.php. You can see that escape is safe.
This program will generally use
It encodes the HTML characters, but
issue1
if
it looks like this:
issue2
here :
when Example:
Here there is a safety issue:
Of course, update also has this problem.
I would like to apply for a CVE ID. I really hope you can help me.
First, make sure the issues are legitimate and the vendor has verified them. If they are issues, then you or the vendor can request IDs from https://cveform.mitre.org/.
@l3m0n master really handsome
Hello @l3m0n, thanks again for introducing the issues. I'm very excited to know the issues so I can improve GeniXCMS.
Part 2: Method Issues
Issue 1
Issue 2
And yes, as @attritionorg mentioned, for the CVE please ask at their website. Just fill in what is necessary. Once again, thank you for your kind report.
[sql injection]
issue1:
/inc/lib/Control/Backend/posts.control.php
exp1:
issue2:
/inc/mod/newsletter/options.php
exp2: