S-CMS version 1.1 suffers from a local file inclusion vulnerability in plugin.php
s-cms/plugin.php code: $page=$GET'page'; error 1 $sqlselectplugincase= mysqlquery"SELECT FROM ".$prefix."plugins WHERE active = '1' AND file='$page'"; if $sqlselectplugincase include "plugins/$page"; error 2 S-CMS version 1.1 暂无 yildirimordulari.com/s-cms/plugin.php?page=File for demo:...