DamiCMS 2.2 /Web/Lib/Action/ApiAction.class.php SQL注入漏洞

/Web/Lib/Action/ApiAction.class.php$field =!empty$REQUEST'field'?injectcheck$REQUEST'field':''; $m=new Model$model,"",false; //如果使用了分页,缓存也不生效 if$page import"@.ORG.Page"; //这里改成你的Page类 $count=$m-where$where-count; $totalpage = ceil$count / $pagesize; $p = new Page$count,$pagesize; //如果使用了分页，num将不起...