2 matches found
CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...
Stcms sql injection and fix-vulnerability warning-the black bar safety net
Any sql statement is executed case 'list': $totalNum = $mysql-numTable"member", $where; $pageNum = 2 0; $totalPage = intval$totalNum/$pageNum == $totalNum/$pageNum ? $totalNum/$pageNum : intval$totalNum/$pageNum+1; $page = $page ? $page : 1; $page = $page$totalPage ? $totalPage : $page; $page =...