2 matches found
CVE-2026-58580
LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...
FengCms1.30注入(前台)
简要描述: http://www.fengcms.com/ 最新版本1.30 详细说明: app\model\messageModel.php public function save$array if$SESSION'authnum'!=$array'vcode'||$SESSION'authnum'=="" return array'status' = 'c';exit; unset$array'vcode'; $re=D$this-dname-insert$array; if$re $SESSION'authnum'=""; return array'status' =...