CSDJCMS V4 reg.php 参数username SQL注入漏洞

漏洞文件app/controllers/user/reg.php public function check $username = $this-security-xssclean$this-input-getpost'username', TRUE; //username $sqlu="SELECT csid FROM ".CSSqlPrefix."user where csname='".$username."'"; $row=$this-CsdjDB-getall$sqlu; if!$row echo 'no'; else echo 'ok';...

CSDJCMS系统 app/controllers/user/pay.php SQL注入漏洞

No description provided by source...

CSDJCMS 3.5 SQL注入漏洞

No description provided by source...