PHPYun v3.2 /model/ajax.class.php SQL注入漏洞
/model/index.class.phpfunction exchangesaction $GET'page'=$POST'page'; $where=$POST'jobwhere'." ORDER BY lastupdate DESC"; $urlarr'page'="page"; $pageurl=$this-url"index","index",$urlarr; $rows=$this-getpage"companyjob",$where,$pageurl,6,"id,name,uid,salary,edu,lastupdate"; if$rows&&isarray$rows...