8 matches found
CVE-2019-11362
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI...
EUVD-2019-3040
Malware in sbrugna...
CVE-2019-11362
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI...
CVE-2019-11362
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI...
SQL injection
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI...
CVE-2019-11362
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI...
CVE-2019-11362
The CVE-2019-11362 entry describes an SQL injection in ROCBOSS V2.2.1, arising from unsafely handling the Post:doReward score parameter in app/controllers/frontend/PostController.php. The vulnerability is demonstrated via the /do/reward/3 URI. Connected documents confirm the same description acro...
ROCBOSS 1.1 /module/user.module.class.php SQL injection vulnerability
Vulnerable file: \module\user.module.class.php Line 11: $userInfo = Common::getMemberInfo($this->db, is_numeric($userId) ? 'uid' : 'nickname', $userId); This line performs a database query, and the key point is the $userId variable. Tracing back to line 10: $userId = isset($_GET['id']) && trim($_GET['id']) != '' ? $_GET['id'] : $this->loginInfo['uid']; When $_GET['id'] is set, this parameter can be controlled, and it is not filtered...