程氏CMS v3.5 app/controllers/dance.php SQL注入漏洞

0x01 漏洞详情 漏洞页面 app/controllers/dance.php public function so $data='';$datacontent=''; $fid = $this-security-xssclean$this-uri-segment3; //方式 $key = $this-security-xssclean$this-input-getpost'key', TRUE; //关键字 $page = intval$this-input-get'p', TRUE; //页数 if$page==0 $page=1;...