2 matches found
CVE-2026-38428
Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...
Thinksaas SQL injection #2
Brief description: Thinksaas SQL injection 2. Detailed description: In the latest version of Thinksaas, when a post is published in a group, the post content can @-mention other users. When the @-mentioned users are processed, the input is filtered only on the front end, not on the back end, and it does not pass through the SQL safety check; it is concatenated directly into the SQL statement, leading to SQL injection. A second instance is where post content is edited: neither title nor content is filtered. Let's look at where posts are published and how the parameters are passed:
// execute post publishing
case "do":
    if ($_POST['token'] != $_SESSION['token']) tsNotice('非法操作!');
    $authcode = strtolower($_POST['authcode']);
    if...