xercms \XerCMS\Services\admin\member.php the background file contains any SQL statement execution vulnerability

In the D:\phpStudy\WWW\xercms\XerCMS\Services\admin\forms. in php updateTemplate（）function function updateTemplate $sname = g'sname';$data = stripslashesp'content'; fileputcontentsINC.' Data/forms/template/'.$ sname.'. htm',$data; $this-tips'finish',dreferer; You can see fileputcontentsINC.'...

hzhost6. 5 Hua public virtual host management system latest SQL vulnerability-vulnerability warning-the black bar safety net

This vulnerability out in the channeldmectr. asp this file,with no filtering of any parameter. Just here I have a genuine copy of the patch,open a look,patched the channeldmectr. asp file in the 2 1 row to the 4 row 0,add the following code: Program code Function SafeRequestParaName Dim ParaValue...