Logic Flaw Vulnerability in LeShang Mall Open Source System (CNVD-2020-50730)
LeShangMall is a lightweight mall website management system based on a ThinkPHP5+MySQL architecture. It can run on Linux, Windows, MacOSX, Solaris and other platforms; the template is separated from the program, custom pseudo-static is supported, and the front template using DIV + CSS design can be orient...
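YXcms1.2.7: Inflating the Account Prepaid Deposit Balance
Brief description: YXcms1.2.7 allows the account prepaid deposit balance to be inflated. Details: The problem is in protested/apps/member/controller/shopcarController.php, which only checks that the quantity cannot be negative, but does not check that the price cannot be negative. Visiting the link http://127.0.0.1/YXcmsApp1.2.7/index.php?r=member/shopcar/caradd with post: 'code' = int 1 'name' = int 1 'price' = float -100 'num' = int 1 puts an item with a negative price into the shopping cart. Generating the order and then paying for it inflates the balance....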