CVE-2019-14266

Name of the Vulnerable Software and Affected Versions OpenSNS version 6.1.0

Description The issue allows SQL Injection via the "index.php?s=/ucenter/Config/" endpoint, specifically through the uid parameter. This is due to the getNeedQueryData function in Application/Common/Model/UserModel.class.php.

Recommendations For OpenSNS version 6.1.0, consider restricting access to the uid parameter in the affected endpoint until a patch is available. As a temporary workaround, avoid using the uid parameter in the "index.php?s=/ucenter/Config/" endpoint to minimize the risk of exploitation.