YXcms1.2.8两处任意文件删除可reinstall
简要描述: 1.2.8 详细说明: 一处没有过滤,一处过滤失误 第一处:/protected/apps/member/controller/inforController.php public function index $auth=$this-auth; $id=$auth'id'; if!$this-isPost $info=model'members'-find"id='$id'"; $this-info=$info; $this-path=ROOT.'https://images.seebug.org/upload/member/image/';...