CVE-2019-6805
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter...
SQL injection
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter...
CVE-2019-6805
CVE-2019-6805 is a SQL injection vulnerability in S-CMS v3.0, exploitable via the O_id parameter of alipay/alipayapi.php. The issue allows partial to full impact on confidentiality, integrity, and availability (per the CVSS 2.0 and 3.0 vectors; base scores 7.5 and 9.8 respectively). The provided ...
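Maccms V8: two injections
Brief description: Insufficient filtering. No single quote needed. Same file.
Details: In inc/user/alipay/alipayapi.php:
    $outtradeno = $_POST['WIDouttradeno']; // controllable
    // unique order number in the merchant site's order system, required
    // order name
    $subject = $_POST['WIDsubject']; // required
    // payment amount
    $price = $_POST['WIDprice']; // required
    // item quantity
    $quantity = "1"; // required; recommended to default to 1 and leave unchanged, treating one transaction as placing one order rather than buying one item
    // shipping fee
    $logisticsfee = "0.00";...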