CMSQLite <= 1.2 c参数SQL注入漏洞

CMSQLite是基于PHP和SQLite的内容管理系统。 CMSQlite的index.php页面存在SQL注入漏洞： ifisset$GET'c' $contentId=$GET'c'; else if $seourl $arrArticleInfo = $SYSTEM-resolveURL$SERVER'REQUESTURI', $langId; ifempty$arrArticleInfo $contentId=1; else $contentId = $arrArticleInfo0'articleId'; $module = $arrArticleInfo0'module';...