TCCMS在app/controller/news.class.php存在sql注入漏洞

漏洞成因 在app/controller/news.class.php中all函数对参数过滤不严 public function all $this-userIsLogin ; $Obj = M$this-objName; $categoryObj = M"category"; $Obj-pageSize = 20; $where = "1=1"; $key = StringUtil::GetSQLValueString$POST'key'; $cid = intval$GET'cid'; if $key != "" $where .= " and title like...

phpyun v4.0 api/locoy/model/news.class.php SQL注入漏洞

No description provided by source...

TCCMSV9.0 最新版多处sql注入(GPC 条件）

简要描述： RT 详细说明： 在app/controller/news.class.php中 public function saveOrUpdate $this-userIsLogin ; $powerObj = M'power'; $groupObj = M'group'; $fieldObj = M"field"; $Obj = M$this-objName; $newsObj = M"content"; $msgObj = new Msg; //栏目发布权限判断 $userGroupId = $powerObj-getUserGroupId;...