CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

seebug.org•added 2006/10/26 12:0 a.m.•41 views

动易NewComment.asp注入漏洞

在NewComment.asp文件中 ModuleName = Trimrequest"ModuleName" 这个ModuleName变量没过滤好，从而导致，我们可以在下面的SQL语句中构造我们的 SQL语句 If ModuleName "" Then If ChannelID 0 Then If ClassID 0 Then sqlComment = "Select top " & Num & " C. from PEComment C left join PE" & ModuleName & " A on C.InfoID=A." & ModuleName &...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by