tcyba changed the title from "Wuzhicms v4.1.0 coreframe/coreframe/app/order/admin/card.php has a SQL Injection Vulnerability" to "Wuzhicms v4.1.0 /coreframe/app/order/admin/card.php has a SQL Injection Vulnerability" on Sep 6, 2021
Vulnerability file: `/coreframe/app/order/admin/card.php:21-45`

In the `card.php` file, the `$keytype` parameter and the `$keywords` parameter under the `listing` method are controllable, and the `$keywords` parameter is not strictly filtered, causing SQL injection vulnerabilities!

POC
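The report names two request values that reach the query: `$keytype`, which selects what to search on, and `$keywords`, the search text. The following is an added example, not WuzhiCMS code (the issue does not show the source of `card.php`); it sketches how a search of that shape can handle both safely. The function `search_cards`, the table `order_card`, its columns and the accepted `$keytype` values are hypothetical, and the demo runs against an in-memory SQLite database with constructed rows.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a card listing search; not WuzhiCMS code.
// $keytype selects the column to search, $keywords is the search text.
function search_cards(PDO $db, string $keytype, string $keywords): array
{
    // Identifiers cannot be bound as parameters, so map the request value
    // to a fixed column name and reject anything that is not on the list.
    $columns = ['number' => 'card_no', 'remark' => 'remark'];
    if (!isset($columns[$keytype])) {
        throw new InvalidArgumentException('unsupported keytype');
    }
    $column = $columns[$keytype];

    // Escape the LIKE wildcards (and the escape character itself) so the
    // keywords match literally, then pass the pattern as a bound parameter.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keywords);
    $stmt = $db->prepare(
        "SELECT id, card_no, remark FROM order_card
         WHERE $column LIKE :kw ESCAPE '!'"
    );
    $stmt->execute([':kw' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE order_card (id INTEGER PRIMARY KEY, card_no TEXT, remark TEXT)');
$db->exec("INSERT INTO order_card (card_no, remark) VALUES ('A100', 'gift'), ('B200', '50% off')");

// Quotes and SQL keywords in $keywords are compared as plain text.
echo 'quoted keywords: ', count(search_cards($db, 'remark', "gift' OR '1'='1")), " row(s)\n";

// A bare '%' is escaped, so it matches only rows that contain a percent sign.
echo 'percent sign: ', count(search_cards($db, 'remark', '%')), " row(s)\n";

// A $keytype outside the allow-list is rejected before any SQL is built.
try {
    search_cards($db, 'remark OR 1=1', 'gift');
} catch (InvalidArgumentException $e) {
    echo 'keytype rejected: ', $e->getMessage(), "\n";
}
```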