4 matches found
CVE-2021-24390
A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection...
CVE-2021-24390
A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection...
CVE-2021-24390
The CVE-2021-24390 entry corresponds to an authenticated SQL injection in the WordPress Alipay plugin (versions up to 3.7.2). The vulnerability stems from the proid GET parameter not being properly sanitised/escaped/validated before being interpolated into an SQL statement, enabling an attacker w...
php云人才系统 注入漏洞
简要描述: php云人才系统 注入漏洞 详细说明: php云人才系统 注入漏洞 tenpay的KEY没有初始化 导致的注入漏洞! /api/tenpay/returnurl.php requireoncedirnamedirnamedirnameFILE."/data/db.config.php"; requireoncedirnamedirnamedirnameFILE."/include/mysql.class.php"; $db = new mysql$dbconfig'dbhost', $dbconfig'dbuser', $dbconfig'dbpass',...