Cocoli

Name of the Vulnerable Software and Affected Versions: OpenSNS version 6.1.0 Description: The issue is a blind SQL injection vulnerability. It is located in the /Controller/ChinaCityController.class.php file and can be exploited via the `pid` parameter. Recommendations: For OpenSNS version 6.1.0, avoid using the `pid` parameter in the /Controller/ChinaCityController.class.php file until the issue is resolved. As a temporary workaround, consider restricting access to the /Controller/ChinaCityController.class.php file to minimize the risk of exploitation.