PT-2018-12541 · Wuzhi · Wuzhi Cms
Published
2018-07-20
·
Updated
2018-09-14
·
CVE-2018-14472
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WUZHI CMS version 4.1.0
Description
An issue was discovered in the coreframe/app/order/admin/goods.php file, where the keywords parameter is used directly in a SQL query without filtering, leading to SQL injection.
Recommendations
For WUZHI CMS version 4.1.0, consider filtering or sanitizing the keywords parameter to prevent SQL injection until a patch is available. As a temporary workaround, restrict access to the goods.php file in the coreframe/app/order/admin directory to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Wuzhi Cms