SQL injection vulnerability in CmsTop media Edition

SQL injection vulnerability in CmsTop media Edition

The problem occurs in the uc. php interface. The key is the default one, but the UC interface is not correctly enabled.

Because the GPC is disabled in the code, injection may occur.

$ Set = setting ('member'); $ set ['uc _ dbtablepre'] = '''. $ set ['uc _ dbname']. ''. '. $ set ['uc _ dbtablepre']; $ set = array_change_key_case ($ set, CASE_UPPER); foreach ($ set as $ k => $ v) {if (preg_match ('/^ UC _/', $ k) define ($ k, $ v) ;}// check the configuration data in the database. Then set it to a constant. If (! Defined ('in _ uc') {// it seems that the IN_UC constant is not set, so the condition is true if (MAGIC_QUOTES_GPC) {$ get = _ stripslashes ($ get ); // If GPC is enabled, cancel the escape .}

Since the uc interface uses its own database connection, we can just find a function to call.

function renameuser($get, $post) {$uid = $get['uid'];$usernameold = $get['oldusername'];$usernamenew = $get['newusername'];if(!API_RENAMEUSER) {return API_RETURN_FORBIDDEN;}$this->db->query("UPDATE #table_member SET `username`='$usernamenew' WHERE userid='$uid'");return API_RETURN_SUCCEED;}

This is a good idea. You can update the password of any account or inject the echo. (The Administrator is in the same table)

You can also use the synlogin function to log on to any account.

This cms uses a large number of websites.

Solution:
Determine whether uc is enabled.