PHPCMS system adsclass.PhpSQL Injection Vulnerability Author: Unknow
Affected Versions:
Phpcms2008sp4_UTF8_100510
Program introduction:
Phpcms is a PHP + Mysql-basedArchitectureThe website content management system is also an open source PHP development platform. Phpcms is developed in modular mode and features are easy to use and easy to expand. It provides heavyweight website construction solutions for large and medium-sized websites. Over the past three years, with the rich Web development and database experience accumulated by the Phpcms team for a long time and the brave innovation in pursuing the perfect design concept, Phpcms has been recognized by nearly 0.1 million websites, and is increasingly applied to large and medium-sized commercial websites.
Vulnerability Analysis:
Ads \ I NcLude \ ads. class. phpfunction EdIt ($ ads, $ ads Id, $ Username = '') // 110 rows {if (! $ This-> check_fo Rm($ Ads) return FALSE; $ ads = $ this-> check_form ($ ads); if (defined ('in _ admin') {$ ads ['from Date'] = S TrTo Time($ Ads ['fromdate']); $ ads ['todate'] = strtotime ($ ads ['todate']);} $ this-> adsid = $ adsid; $ where = 'adsid = '. $ this-> adsid; if ($ username) $ where. = "AND username = '$ username'"; return $ this-> db-> update ($ this-> table, $ ads, $ where);} Ads \ member. phpif (! $ C_ads-> edit ($ info, $ adsid, $ _ username) showmessage ($ c_ads-> msg (), 'goback'); // 47 rows
The variable $ adsid directly enters the SQL query without being processed, resulting in SQL injection.
Vulnerability Exploitation:
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
