CVE-2023-7183

A vulnerability has been found in 7-card Fakabao up to 1.0build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipaynotify.php. The manipulation of the argument outtradeno leads to sql injection. The exploit has been disclosed to t...

frcms 多处注入 (demo成功)

简要描述： rt 详细说明： 在plus/onlinepay/alipaynotify.php中 $signtype = "MD5"; //加密方式 不需修改 $alipay = new alipaynotify$partner,$securitycode,$signtype,$inputcharset,$transport; //构造通知函数信息 $verifyresult = $alipay-notifyverify; //计算得出通知验证结果 $dingdan = $outtradeno; //获取支付宝传递过来的订单号 $total =...