Thank you very much for your exception. The general management background, as the largest authority, is equivalent to the use of the largest manager. The risk level is relatively low. However, we still repaired it overnight and submitted the latest version.
In addition, the current github warehouse is a little old. You can see the latest warehouse https://gitee.com/mail_osc/wangmarket The final review of the major version of v6.0 is currently under way. We will also sync to the latest version of github tomorrow or the day after tomorrow
baimao-box
changed the title
wangmarket CMS v4.10 has a SQL injection
wangmarket CMS v6.10 has a SQL injection
May 9, 2023
baimao-box
changed the title
wangmarket CMS v6.10 has a SQL injection
wangmarket CMS v6.1 has a SQL injection
May 9, 2023
wangmarket CMS version:v4.10
The query statement directly brings the user's input into mysql for query without filtering, resulting in sql injection vulnerability
Sql injection vulnerability : /plugin/dataDictionary/tableView.do?tableName=
sqlmap:
The text was updated successfully, but these errors were encountered: