CTSCMS 4.0 search.php SQL注入漏洞

在/plus/search.php文件，外界传入数组的key未经过安全过滤直接赋值给变量$typeid，并且在创建对象时将变量$typeid做为参数传递给了SearchView类的构造函数，将传进来的变量$typeid直接放入SQL查询语句中执行，导致了SQL注入漏洞的产生。 0 CTSCMS 4.0 将$typeid变量进行过滤!...

CTSCMS the latest vulnerability-vulnerability warning-the black bar safety net

China travel service website management systemCTSCMS.COMis a professional tourism website, the program source code, travel website, travel website templates, tourism website construction service providers,focusing on the tourism e-Commerce development services to travel agencies and tour it...

CTSCMS 4.0 /plus/search.php SQL注入漏洞

No description provided by source...

Travel website management system[CTSCMS]0day-vulnerability warning-the black bar safety net

New Year's extra point 0day,small shared! China travel service website management system CTSCMS, this site I recently found. The use of dedecms secondary development,weaving dreams of the kernel. Due to the neglect of the official system upgrade causes the program to have a lot of vulnerabilities...