SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS v1.0.2 (latest) discovered by "ADLab of Venustech" #71
The updateMenuOrder function in inc/lib/Menus.class.php (line 364):
The update function in inc/lib/Db.class.php (line 322):
We'll find that the "$key" in $set .= "
Don't forget to get a token first.
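The report above points at an array key ending up in the SET clause built by the update function. The following is an added example, not GeniXCMS code and not the fix in any release: a hypothetical `build_update` helper that allowlists column names and binds values. The table name `menus` and the columns `parent`, `order` and `id` are assumptions.

```php
<?php
// Added example, not GeniXCMS code. Table and column names are assumptions.

/**
 * Build a parameterized UPDATE statement.
 * Column names (the array keys) cannot be sent as bound parameters, so each
 * key is checked against a fixed allowlist. Values are always bound.
 */
function build_update(string $table, array $allowedCols, array $set, int $id): array
{
    if ($set === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    $assignments = [];
    $params = [];
    foreach ($set as $key => $value) {
        // Strict check: PHP casts numeric-string keys to int, and a loose
        // in_array() would let such keys match unrelated column names.
        if (!is_string($key) || !in_array($key, $allowedCols, true)) {
            throw new InvalidArgumentException('unexpected column in update');
        }
        $assignments[] = "`$key` = ?";   // key is now a known identifier
        $params[] = $value;              // value travels as a bound parameter
    }
    $params[] = $id;
    // $table comes from application code, never from the request.
    $sql = "UPDATE `$table` SET " . implode(', ', $assignments) . " WHERE `id` = ?";
    return [$sql, $params];
}

// Constructed input shaped like a request-supplied array whose keys the
// client controls.
$allowed = ['parent', 'order'];
[$sql, $params] = build_update('menus', $allowed, ['parent' => '0', 'order' => '3'], 7);
echo $sql, "\n";
// With PDO: $pdo->prepare($sql)->execute($params);

// Constructed key that is not a plain column name: rejected before any SQL is built.
try {
    build_update('menus', $allowed, ["order`=0 -- " => '3'], 7);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```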
Thank you, but this has already been fixed in the latest release. See this: https://github.com/semplon/GeniXCMS/blob/master/inc/lib/Db.class.php#L322
I don't know if the fix solves the problem, but at least please try the latest release, which is 1.0.2 already.