dsmall cross-site scripting vulnerability (CNVD-2018-07558)

dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can inject arbitrary HTML/JavaScript code to obtain sensitive information via the member query box in the...

Discuz Spache.php注射漏洞

discuz的空间功能 space.php $member = $db-fetchfirst"SELECT m., mf., u.grouptitle, u.type, u.creditshigher, u.creditslower, u.readaccess, u.color AS groupcolor, u.stars AS groupstars, u.allownickname, u.allowuseblog, r.ranktitle, r.color AS rankcolor, r.stars AS rankstars $oltimeadd1 FROM...